For hospital systems & health networks

Your BAA covers the pipes. 1331 covers the model.

Regional hospital systems, specialty networks, and BCBS-affiliated plans use 1331 so ambient documentation, intake, prior-auth, and revenue-cycle AI run inside the HIPAA boundary their privacy office can actually defend.

The clause that's blocking you
HIPAA Privacy & Security Rules — and the HHS proposed 2025 Security Rule update
Covered entities and business associates must implement reasonable and appropriate administrative, physical, and technical safeguards to protect ePHI — including when AI-enabled services process protected information.
What it actually forces

Most cloud-AI BAAs cover the infrastructure layer (storage, transit, access control) but explicitly carve out model training, inference logging, and abuse-monitoring telemetry. The proposed 2025 Security Rule update narrows that gap further: 'reasonable and appropriate' will be read to mean PHI does not transit a model your privacy office cannot audit.

The pain in the room

Our ambient-documentation pilot was working — and then Compliance read the vendor's BAA carve-out for 'model improvement' and asked us to explain to the board why the hospital is training OpenAI on patient notes.

Deployment posture
Controlled / Owned (most common)

Most systems start in a Controlled posture (HITRUST-certifiable private VPC) and move the most sensitive workloads (oncology, behavioral health, pediatrics) to an Owned appliance behind the EHR firewall.

02 — How 1331 answers

Compliance by architecture, not by contract footnote.

PHI never crosses the network boundary

Inference runs on infrastructure inside your HITRUST scope. There is no third-party model endpoint receiving prompts containing PHI — by architecture, not by a BAA carve-out you have to argue about.

No training on prompts, ever

Open-weight models are pinned to a specific version. There is no upstream provider improving its base model on your patient encounters.

Per-service-line audit trail

Every inference is tagged with the requesting application, user role, and patient identifier (or pseudonymous token). Exports to Epic/Cerner audit feeds and your SIEM are first-class.

Bias and high-risk classification, documented

For prior-auth and clinical decision support, 1331 produces the evaluation artifacts CMS and the EU AI Act high-risk classification will ask for — including model card, evaluation set, and override logs.

03 — Who's in the room

The decision is rarely one person.

We've built collateral for each seat at the table — from the GC reading the bulletin to the platform lead writing the diagram.

CFO / VP Revenue Cycle: Buyer
Chief Medical Informatics Officer (CMIO): Champion
CISO / VP of IT: Champion
Privacy Officer / Compliance: Blocker
Service-line clinical lead: Trigger
Board Risk Committee: Buyer

The next board question won't be 'are we using AI?' It will be 'where does the PHI go when we do?'

1331 gives the Privacy Officer a network diagram with zero PHI egress, the CMIO a working ambient-doc and intake workflow, and the CFO a per-encounter cost that does not scale with every clinician adopting the tool.

Adjacent buyers facing similar rules