The Baseline
HIPAA requires safeguards for protected health information (PHI). AI agents that read, store, or generate output from PHI require business associate agreements (BAAs) with every sub-processor in the chain. The Salesforce Einstein Trust Layer covers part of this; an external LLM provider needs its own BAA.
Configuration
Set Trust Layer PII masking to PHI-specific patterns. Turn on audit logging for every prompt and response. Align retention with HIPAA record-retention requirements. Use regional processing so data stays within US residency boundaries.
De-Identification
Where possible, de-identify before sending anything to the LLM. The safe-harbor method (removal of the 18 listed identifiers) strips most of the risk. Where de-identification isn't possible, make sure the full BAA chain and audit trail are in place.
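As an added example (not Salesforce or Einstein Trust Layer code), a safe-harbor style pre-filter for the masking and audit-logging points in the Configuration and De-Identification sections above: it masks the pattern-detectable subset of the 18 identifiers (dates reduced to year, ages over 89 bucketed, SSN, phone, email, MRN, IP, URL) and emits one hashed audit line per outbound prompt. Free-text names and the remaining identifiers are not covered, and the category names, tag format and sample note are constructed for this example.

```python
import hashlib
import json
import re
from datetime import datetime, timezone

# (category, regex, replacement). Dates keep only the year, which the
# safe-harbor method permits; every other hit is replaced by a tag.
PATTERNS = [
    ("DATE", re.compile(r"\b\d{1,2}/\d{1,2}/(\d{4})\b"), r"[DATE:\1]"),
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "[SSN]"),
    ("PHONE", re.compile(r"\(?\b\d{3}\)?[-. ]\d{3}[-. ]\d{4}\b"), "[PHONE]"),
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"), "[EMAIL]"),
    ("MRN", re.compile(r"\bMRN[:# ]*\d{6,10}\b", re.I), "[MRN]"),
    ("IP", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"), "[IP]"),
    ("URL", re.compile(r"https?://\S+"), "[URL]"),
]
# Safe harbor also collapses every age over 89 into a single "90 or older" bucket.
AGE_RE = re.compile(r"\b(\d{2,3})[- ]year[- ]old\b", re.I)

def deidentify(text: str) -> tuple[str, dict[str, int]]:
    """Mask identifiers in text; return masked text and per-category hit counts."""
    counts: dict[str, int] = {}
    for name, rx, repl in PATTERNS:
        text, n = rx.subn(repl, text)
        if n:
            counts[name] = n
    ages = [int(a) for a in AGE_RE.findall(text) if int(a) > 89]
    text = AGE_RE.sub(lambda m: "90-or-older" if int(m.group(1)) > 89 else m.group(0), text)
    if ages:
        counts["AGE_OVER_89"] = len(ages)
    return text, counts

def audit_entry(original: str, counts: dict[str, int]) -> str:
    """One JSON audit line per outbound prompt. Only a hash of the original is
    kept, so the audit log itself never becomes a second PHI store."""
    return json.dumps({
        "ts": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "prompt_sha256": hashlib.sha256(original.encode()).hexdigest(),
        "masked": counts,
    }, sort_keys=True)

if __name__ == "__main__":
    # Constructed sample note; every identifier in it is fictitious.
    note = ("Pt Jane Q. Public, MRN: 00482913, 94-year-old, seen 03/14/2025. "
            "Call (555) 123-4567 or jqp@example.org. SSN 123-45-6789.")
    masked, hits = deidentify(note)
    print(masked)  # the name survives: free-text names need NER, not regex
    print(audit_entry(note, hits))
```

The surviving name in the sample output is the point: a regex pre-filter lowers exposure but does not by itself make a prompt safe-harbor compliant, so the BAA chain stays in place.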
Agent Design
Human-in-the-loop for clinical decisions, always. Agents assist; clinicians decide. Agent drafts can be summaries, suggestions or reminders, not diagnoses or treatment plans. Document the human oversight.