AI/ML products that process health data inherit HIPAA obligations most AI teams are not set up for. We map PHI through your model pipeline and build the safeguards.
More context on this sector on our AI/ML industry page, and on the framework itself on our HIPAA hub.
Tailored to AI/ML, delivered by a Toronto security and compliance team led by a published CVE researcher, with our partner Lorikeet Security where offensive testing is involved.
See the full HIPAA service page, or productized pricing for fixed-scope engagements.
Only under a signed BAA and with appropriate safeguards; not every provider will sign one. We help you determine which providers are usable and how to configure data handling.
Yes — PHI is PHI wherever it lands, including prompts, embeddings, and logs. We map those flows and lock them down.
If you handle PHI and sell to enterprises, usually both. They share many controls, so we run them together.
Book a free 30-minute discovery call. We will tell you whether this engagement fits, what it would cost, and when we could start.