JamesPolk.net

HIPAA, the BAA and AI Monitoring for CASM!

You can design your inference pipeline so that you both honor the BAA / HIPAA constraints on PHI and still deploy AI (or tooling) to detect CSAM—what it takes is careful segmentation, de-identification, minimal exposure, and explicit policy alignment. Here’s a practical, HIPAA-aware pattern that accomplishes both:

1. Architectural separation: detect CSAM without unnecessary PHI exposure

a. Front-end/content filtering layer (pre-PHI inference)

  • All incoming content is first routed through a CSAM detection subsystem that operates before any PHI-bearing context is attached or enriched. This subsystem inspects raw uploads (images, documents, etc.) for signs of CSAM using AI models/hashes (e.g., perceptual hashing, visual classifiers, known CSAM hash databases, synthetic detection heuristics). Because at this stage you haven’t “linked” the content to identifiable patient context, the risk of violating minimum necessary or disclosure rules is minimized.

    • If the content is flagged as CSAM, handle it under your mandatory reporting/legal obligations pathway. HIPAA permits disclosures to comply with law (e.g., reporting child abuse/exploitation) and to law enforcement when required. CHILD USAOrrick

b. PHI inference pipeline (downstream)

  • Only content that has passed the CSAM check (or content that is known safe) then enters the PHI-sensitive AI inference workflow under the BAA with full HIPAA technical safeguards (encryption, access controls, audit logging, etc.). This keeps the systems that “see” PHI separate from the systems doing illicit content detection, avoiding unnecessary internal inspection of PHI by components not needed for the healthcare task. The HIPAA JournalTonic

2. De-identification / tokenization for overlapping use cases

If you have to process content that contains both potential CSAM signals and PHI (e.g., a clinical image or note), you can:

  • De-identify the PHI first using either the Safe Harbor method or Expert Determination so the data passed into the CSAM detection model has no direct identifiers. Expert Determination allows an expert to assess and certify the residual risk is acceptably low. HHS.govProtecto

  • Alternatively, extract only the minimal features needed for CSAM detection (e.g., image pixels, visual embeddings) and never retain or transmit the linked identifiers—apply “minimum necessary” rigor. Simbo AIAIHC

This means your CSAM detector operates on either (1) content prior to enrichment with identity metadata or (2) a de-identified surrogate, so the business associate/AI system isn’t unnecessarily exposed to identifiable PHI while still catching abusive material.

3. Contractual and policy alignment in the BAA

  • Explicitly define scopes in your BAA (or addenda) so that any internal content scanning for safety/legal compliance (like CSAM detection) is either:

    • Scoped as a permitted internal safeguard, or

    • Performed in a separate subsystem that does not require access to identified PHI (and therefore isn’t treated as an impermissible use).
      Documentation of that separation (e.g., data flow diagrams, access control boundaries) strengthens your risk analysis. Microsoft LearnMicrosoft Learn

  • Include handling of flagged CSAM in your incident response / disclosure procedures, making clear: if CSAM involving a minor appears (even embedded in something that formerly contained PHI), reporting to appropriate authorities is permitted under HIPAA’s exceptions for law compliance/child abuse reporting. CHILD USA

4. Technical controls to reduce risk

  • On-device or isolated sandbox inference: Do CSAM detection in an isolated environment (e.g., client-side where possible, or a segregated service) so that models do not retain or log full content linked to identities.

  • Hashing/fingerprinting: For known CSAM, use hashed fingerprints (e.g., PhotoDNA-style) so the system doesn’t have to store raw content long-term—only matches against known illicit signatures. Orrick

  • Audit logs and access controls: Ensure any operator or system that sees flagged content is audited, and limit visibility to the minimum necessary personnel. Tonic

5. Risk analysis and expert determination

  • As part of your HIPAA risk assessment, document the entire dual pipeline: how CSAM detection is performed, what data enters each subsystem, what de-identification methods are used, and the residual re-identification risk. If you’re using de-identified derivatives, have an expert formally assess and sign off where required. HHS.govTonic

6. Summary recommendation

  1. Segregate CSAM detection from PHI inference. Do illicit content scanning before any identifying linkage or on de-identified data. Simbo AIAIHC

  2. Ensure your BAA reflects that separation and permits necessary safety scanning or isolates it to non-identified data. Microsoft LearnMicrosoft Learn

  3. Use expert determination if de-identifying PHI to feed into joint workflows. HHS.govProtecto

  4. Build clear incident/mandatory reporting processes for when CSAM is detected, leveraging HIPAA’s permitted disclosures for abuse reporting. CHILD USA