Healthcare
Health systems, payers, and digital-health companies cannot ship raw PHI to a model vendor. DataDam is the layer where minimum-necessary becomes a deterministic policy instead of a hopeful prompt instruction.
Pressure
Each of these is what stops a healthcare AI pilot at legal review. Each has a control answer that has to live below the model.
A general-purpose LLM provider that retains your prompts is a covered party only if you have a BAA in place and the data was handled inside the agreement. Most BAAs do not extend to inference logs at scale. Mask before the boundary or do not cross it.
HIPAA expects PHI access to be the minimum necessary for the task. An agent that retrieves a full chart when the task asks for a single field is over the line. The mask is not a nicety. It is the rule.
45 CFR 164.312(b) expects audit controls. The pilot you are running this quarter is in scope. If you cannot produce a complete log of which agent read what PHI when, you are out of compliance now, not later.
Workloads
Three patterns we see across every healthcare pilot. The risk column is the privacy-office objection. The control column is the answer.
Risk without governance
Patient name, MRN, date of birth, diagnosis, and free-text notes ship together to the model. A single prompt-log retention window can put thousands of patients on a vendor server.
DataDam control
PHI fields mask by tag. Generalize date of birth to year, redact MRN, hash patient identifier with a per-org salt. The agent gets summary capability without ever seeing identifiable PHI.
Risk without governance
PA agents bridge two systems with different PHI exposure rules. The cross-system join is exactly where minimum-necessary breaks down.
DataDam control
Per-source field policies plus contract-level access control. The agent reads only the fields the contract authorizes for the role. Drift detection alerts when an upstream schema adds a new identifier you have not policied yet.
Risk without governance
Reporting workloads need broad longitudinal access. Without an audit trail, you cannot prove which records the agent actually used in the calculation.
DataDam control
Append-only audit rollup with hash-chained tamper evidence. Six-year retention by default under the HIPAA blueprint. Lineage graph traces every output back to the queries that produced it.
Risk without governance
Clinicians and care managers paste screenshots into agent chats. PHI hides inside the pixels: patient names on chart headers, MRNs on bracelets, dates of birth on insurance cards, faces on ID photos. Text-only DLP misses every one of them.
DataDam control
Image attachments scan through the same proxy as text prompts. The pipeline pulls text out of the image, runs it through the same 200+ entity recognizers, and detects faces, ID cards, credit cards, and signatures structurally. Detected regions are blacked out before the vendor receives the request. Audit row stamps which entities fired and which pixels were redacted.
HIPAA blueprint
The HIPAA blueprint blocks below a trust score of 600, sets PII confidence to 0.4 for conservative detection, and pushes audit retention to 2,190 days. PHI fields tagged in your contract mask by default. The proxy will not pass an unmasked PHI column to a role that the contract does not authorize.
Self-hosted deployment means the proxy runs inside your environment with your credentials. Plaintext PHI does not leave your network at any point in the request path. Compliance reviewers can verify this at the network boundary.
Tokenize mode covers the right-to-amend pattern. Reversible identifiers stay inside the proxy and never reach the model.
The proxy is BAA-ready and runs in your environment. Connect your EHR, claims store, or data warehouse. Apply the HIPAA blueprint. Show your privacy office a complete audit trail in the first hour of running traffic.