HIPAA Compliance Ontology

A comprehensive formal verification ruleset for HIPAA Privacy Rule, Security Rule (including 2025 updates), and AI governance requirements. Version 2.0.0 with 76 constraints.

At a glance: 76 formal constraints, 104 data extractors, 14 categories, verified with the Z3 SMT solver.

1. Overview

The HIPAA ontology provides formal verification of AI/LLM outputs against healthcare compliance requirements. Unlike pattern-matching or ML-based approaches, aare.ai uses the Z3 SMT solver to mathematically prove whether outputs comply with HIPAA regulations.

Why Automated Reasoning? Traditional guardrails use probabilistic detection (e.g., "98% accuracy"). For healthcare compliance with penalties up to $2.1M per violation, you need mathematical certainty. Z3 provides provable guarantees.

2. What Problem Does This Solve?

Healthcare organizations deploying LLMs face significant compliance risks:

  • $9.77 million - Average cost of a healthcare data breach in 2024
  • $2.1 million - Maximum HIPAA penalty per violation
  • 259 million - Individuals affected by healthcare breaches in 2024 (up from 27M in 2020)

How aare.ai Helps

This ontology enables real-time verification of LLM outputs before they reach users. When integrated via the MCP server, Claude can self-verify its healthcare responses against 76 formal constraints.

3. Constraint Categories

PHI Detection (15 constraints)

Detects and blocks disclosure of the 18 HIPAA identifiers:

  • Patient names, dates of birth, Social Security numbers
  • Street addresses, phone numbers, email addresses
  • Medical record numbers, health plan IDs, account numbers
  • Device identifiers, IP addresses, URLs
  • Biometric data, photographs, vehicle identifiers

AI Governance (6 constraints)

New requirements for AI systems processing PHI:

  • AI_TRAINING_DATA_CONSENT - PHI used for AI training requires explicit patient consent
  • AI_MODEL_BIAS_DISCLOSURE - AI recommendations must disclose model limitations
  • AI_HUMAN_REVIEW - AI clinical decisions require qualified human review
  • AI_ALGORITHM_TRANSPARENCY - AI outputs must reference algorithm version/source
  • AI_VENDOR_BAA - External AI vendors (OpenAI, Anthropic) require BAA
  • AI_RISK_ASSESSMENT - AI systems require documented risk assessment

2025 Security Rule (6 constraints)

Based on the December 2024 HHS proposed rule updates:

  • SECURITY_MFA_REQUIRED - Multi-factor authentication for PHI access
  • SECURITY_ENCRYPTION_AT_REST - PHI must be encrypted at rest
  • SECURITY_ASSET_INVENTORY - PHI systems must be in documented inventory
  • SECURITY_VULN_SCAN - 6-month vulnerability scanning requirement
  • SECURITY_72HR_RECOVERY - Critical systems need 72-hour recovery plan
  • SECURITY_NETWORK_MAP - PHI data flows must be documented

Special Protections (5 constraints)

Enhanced protections for sensitive categories:

  • MENTAL_HEALTH_PSYCHOTHERAPY - Psychotherapy notes require separate authorization
  • SUBSTANCE_ABUSE_42CFR - Substance abuse records require 42 CFR Part 2 compliance
  • GENETIC_GINA_COMPLIANCE - Genetic information requires GINA compliance
  • RESEARCH_IRB_APPROVAL - Research use of PHI requires IRB approval
  • RESEARCH_LIMITED_DATA_SET - Limited data sets require data use agreement

4. All Constraints (English)

Below is every constraint in the ontology, organized by category. Each includes the formal logical formula and regulatory citation.

PHI Detection

15 constraints

PHI_NAME_DISCLOSURE

Patient name must not be disclosed to unauthorized recipients

NOT(has_patient_name AND NOT recipient_authorized)
HIPAA Section 164.502(a)(1)

PHI_DOB_DISCLOSURE

Date of birth must be de-identified or authorized

NOT(has_dob AND NOT is_deidentified)
HIPAA Section 164.514(b)

PHI_SSN_ZERO_TOLERANCE

Social Security Numbers are strictly prohibited in outputs

NOT has_ssn
HIPAA Section 164.514(b)(2)(i)(L)

PHI_MRN_ZERO_TOLERANCE

Medical Record Numbers must not be disclosed externally

NOT(has_mrn AND recipient_external)
HIPAA Section 164.514(b)(2)(i)(N)

De-Identification

9 constraints

DEIDENTIFY_ALL_18

All 18 HIPAA identifiers must be removed for Safe Harbor

is_deidentified IMPLIES phi_count = 0
HIPAA Section 164.514(b)(2)

DEIDENTIFY_AGE_THRESHOLD

Ages over 89 must be aggregated to "90+"

patient_age > 89 IMPLIES age_aggregated
HIPAA Section 164.514(b)(2)(i)(C)

DEIDENTIFY_ZIP_CODE

ZIP codes must be truncated to first 3 digits

NOT has_full_zip
HIPAA Section 164.514(b)(2)(i)(B)

AI Governance

6 constraints

AI_TRAINING_DATA_CONSENT

PHI used for AI/ML training requires explicit patient consent

NOT(mentions_ai_training AND has_phi AND NOT has_consent_mention)
OCR AI Guidance December 2024

AI_MODEL_BIAS_DISCLOSURE

AI-generated clinical recommendations must disclose model limitations

ai_generated_recommendation IMPLIES has_limitation_disclosure
HHS AI Governance Framework 2024

AI_HUMAN_REVIEW

AI outputs affecting treatment require qualified human review

ai_clinical_decision IMPLIES has_human_review_mention
OCR Section 1557 Guidance December 2024

AI_VENDOR_BAA

AI vendors processing PHI must have Business Associate Agreement

uses_external_ai IMPLIES has_baa_mention
HIPAA Section 164.502(e)

2025 Security Rule

6 constraints

SECURITY_MFA_REQUIRED

Multi-factor authentication required for PHI access

accesses_phi IMPLIES has_mfa_mention
2025 HIPAA Security Rule CPG-1

SECURITY_72HR_RECOVERY

Critical systems must have 72-hour recovery plan

is_critical_system IMPLIES has_recovery_plan
2025 HIPAA Security Rule - Disaster Recovery

SECURITY_ASSET_INVENTORY

Systems with PHI must be in documented asset inventory

has_phi IMPLIES asset_inventoried
2025 HIPAA Security Rule Proposed Updates

Access Control

9 constraints

ACCESS_MINIMUM_NECESSARY

Only minimum necessary information should be disclosed

phi_count <= minimum_necessary_threshold
HIPAA Section 164.502(b)(1)

ACCESS_ROLE_PHYSICIAN

Treatment details require physician-level access

has_treatment_details IMPLIES (recipient_role_physician OR is_deidentified)
HIPAA Section 164.502(b)

Business Associate

3 constraints

BAA_THIRD_PARTY

Third-party PHI access requires Business Associate Agreement

third_party_access IMPLIES has_baa_mention
HIPAA Section 164.502(e)(1)

BAA_CLOUD_PROVIDER

Cloud services storing PHI require BAA

uses_cloud_storage IMPLIES cloud_baa_confirmed
OCR Cloud Computing Guidance

See All 76 Constraints: The full list is available in the JSON section below, or explore the interactive HIPAA demo.
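The formulas listed above are propositional constraints over facts produced by the data extractors. As an added illustration (not aare-core's code, which hands these formulas to Z3), here is a small evaluator for that notation: it checks three of the listed formulas against a constructed fact dictionary and reports a constraint as unknown, never as a pass, when the extractor produced no value for a fact the formula needs.

```python
import operator, re

TOKEN_RE = re.compile(r"\(|\)|<=|>=|=|<|>|[A-Za-z_]\w*|\d+")
CMP = {"<": operator.lt, "<=": operator.le, "=": operator.eq, ">": operator.gt, ">=": operator.ge}

def evaluate(formula, facts):
    """Lowest to highest precedence: IMPLIES (right-assoc), OR, AND, NOT, comparison.
    Fact names are lowercase (keywords are uppercase); a fact with no extractor value raises KeyError."""
    toks, pos = TOKEN_RE.findall(formula), [0]
    def peek(): return toks[pos[0]] if pos[0] < len(toks) else None
    def take(): pos[0] += 1; return toks[pos[0] - 1] if pos[0] <= len(toks) else None
    def implies():
        lhs = binary("OR", lambda: binary("AND", unary))
        if peek() == "IMPLIES":
            take(); rhs = implies(); return (not lhs) or rhs   # rhs parsed eagerly: no short-circuit
        return lhs
    def binary(op, sub):
        v = sub()
        while peek() == op:
            take(); rhs = sub(); v = (v or rhs) if op == "OR" else (v and rhs)
        return v
    def unary():
        if peek() == "NOT":
            take(); return not unary()
        lhs = atom()
        return CMP[take()](lhs, atom()) if peek() in CMP else bool(lhs)
    def atom():
        tok = take()
        if tok == "(":
            v = implies()
            if take() != ")": raise SyntaxError(f"missing ')' in {formula!r}")
            return v
        if not re.fullmatch(r"\d+|[a-z_]\w*", tok or ""): raise SyntaxError(f"unexpected {tok!r} in {formula!r}")
        return int(tok) if tok.isdigit() else facts[tok]   # KeyError: fact never extracted
    result = implies()
    if peek() is not None: raise SyntaxError(f"trailing token {peek()!r} in {formula!r}")
    return result

CONSTRAINTS = {  # formulas copied verbatim from the listing above; fact names are extractor outputs
    "PHI_NAME_DISCLOSURE": "NOT(has_patient_name AND NOT recipient_authorized)",
    "DEIDENTIFY_AGE_THRESHOLD": "patient_age > 89 IMPLIES age_aggregated",
    "ACCESS_ROLE_PHYSICIAN": "has_treatment_details IMPLIES (recipient_role_physician OR is_deidentified)",
}

def verify(facts, constraints=CONSTRAINTS):
    report = {}
    for name, formula in constraints.items():
        try: report[name] = "pass" if evaluate(formula, facts) else "VIOLATION"
        except KeyError as e: report[name] = f"unknown:{e.args[0]}"  # a missing fact is not a pass
    return report
```

Any "unknown" entry in the report means an extractor produced no value for a fact the formula needs, so the output cannot be treated as compliant on that constraint.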

5. Usage

Python (aare-core)

from aare_core import SMTVerifier, LLMParser, OntologyLoader

loader = OntologyLoader()
ontology = loader.load('hipaa-v1')
parser = LLMParser()
verifier = SMTVerifier()

llm_output = """
Based on the patient's medical record, the AI system recommends
considering metformin. This recommendation was reviewed by Dr. Smith
and has limitations - consult your physician for clinical judgment.
"""

values = parser.parse(llm_output, ontology)
result = verifier.verify(values, ontology)

print(f"Compliant: {result['verified']}")
print(f"Violations: {len(result['violations'])}")

MCP Server (Claude Desktop / Claude Code)

See the MCP Server documentation for integration.

REST API

curl -X POST https://api.aare.ai/verify \
  -H "Content-Type: application/json" \
  -H "X-Api-Key: your-api-key" \
  -d '{
    "llm_output": "Patient John Doe (SSN: 123-45-6789) ...",
    "ontology": "hipaa-v1"
  }'

6. Regulatory References

This ontology is based on the following regulatory sources:

  • HIPAA Privacy Rule
  • HIPAA Security Rule
  • 2025 Security Rule Updates
  • 42 CFR Part 2
  • GINA

7. Full Ontology JSON

Below is the complete ontology JSON file. This can be used directly with aare-core or customized for your organization's specific requirements.

Note: This is a large file (~1800 lines).
