Business Associate Agreements in 2025: Are Patient Data Protections Keeping Up with AI?

Published on: Fri, Nov 21, 2025

Categories: Legal Guide
You are already seeing it in your daily workflow.

The AI scribe that turns a chaotic room conversation into a perfectly structured note.

The radiology algorithm that quietly highlights a finding you might have overlooked on a long call shift.

These tools feel like superpowers. And in many ways, they are. But beneath the sleek interface lies a quiet reality that caught most of the industry by surprise in 2025: Standard-form Business Associate Agreements signed ten, five, or three years ago were drafted when “business associate” typically meant an EHR vendor, billing company, your attorney, or cloud storage provider whose use of PHI was limited, predictable, and almost always performed solely on behalf of the covered entity.

Today’s AI systems frequently operate under a fundamentally different model: they ingest, analyze, and retain protected health information at scale in order to train, fine-tune, or continually improve foundational models – uses that fall outside traditional HIPAA “permitted purposes” unless explicitly authorized and tightly controlled.

The result is a widening mismatch between contractual language and technological reality.

Key Regulatory and Industry Context

In January 2025, the Department of Health and Human Services published proposed amendments to the HIPAA Security Rule – the first substantive overhaul in over a decade – explicitly addressing artificial intelligence as a risk vector and requiring enhanced governance for AI systems in security risk analyses. Major vendors, including OpenAI, Microsoft, and Google, have since introduced HIPAA-compliant Business Associate Agreements tailored for AI processing.

Emerging Consensus on Essential BAA Provisions for AI Vendors

Healthcare privacy experts and organizations have focused on a set of AI-specific provisions that are now viewed as baseline requirements for new agreements and amendments to legacy ones. These enhancements address the unique risks of AI, such as unclear data processing, persistent model retention, and re-identification vulnerabilities.

  1. Prohibition on Unauthorized Training or Improvement Uses: Explicit language barring the use of PHI for model training, fine-tuning, or product enhancement unless the covered entity provides separate, written authorization, often with requirements for compensation or de-identification to HIPAA standards. This prevents PHI from becoming a de facto asset for the vendor’s broader commercial ecosystem.

  2. Data Minimization and Purpose Limitation: Requirements that limit PHI access to the minimum necessary for the contracted service, with strict prohibitions on secondary uses or sharing across models or customers.

  3. Retention, Return, and Destruction Obligations: Mandates for the prompt return or irreversible destruction of PHI and any derivatives upon termination, typically within 30–90 days, to mitigate long-term retention risks.

  4. Re-Identification Safeguards: Warranties that the business associate will not attempt to re-identify de-identified data, coupled with indemnification for any breaches of this commitment, given advances in AI-driven re-identification techniques.

  5. Subcontractor and Sub-Processor Controls: Prior written approval for any third- or fourth-party processors, with flow-down requirements ensuring all parties adhere to identical AI-protective terms.

  6. Audit, Transparency, and Reporting Rights: Expanded access to documentation such as data lineage, model cards, and training logs, enabling periodic audits to verify compliance, balanced with vendor confidentiality needs.

  7. Technical and Security Safeguards: Detailed specifications for AI-specific protections, including encryption of PHI at rest and in transit, role-based access controls, secure transmission protocols, and measures to prevent AI “hallucinations” that could inadvertently disclose PHI.

These provisions are increasingly standard in contracts at major health systems and are recommended as essential for robust AI governance. They reflect a shift toward treating AI vendors not as mere service providers, but as stewards of potentially perpetual data assets.

Practical Implications of Outdated BAAs in the AI Context

The consequences of relying on legacy BAAs extend far beyond theoretical compliance gaps, with tangible financial, operational, and reputational repercussions that have materialized in 2025 enforcement actions and litigation.

Financially, outdated agreements expose providers to direct liability for unauthorized disclosures. For instance, if PHI is used in model training without explicit permission, the covered entity may face OCR fines under HIPAA’s strict liability regime, as the business associate’s actions are imputed to the provider.

Operationally, the opacity of AI systems amplifies risks: without audit rights, providers cannot verify whether PHI persists in models post-termination or if subcontractors comply with safeguards, leading to disrupted vendor relationships and costly remediation efforts. The proposed Security Rule changes further mandate AI-inclusive risk assessments, meaning non-compliant BAAs could trigger broader system-wide audits and workflow halts.

Reputational harm is perhaps the most insidious implication. As AI outputs increasingly enter public demos, research, or even consumer-facing tools, patients may recognize sensitive details from their records, eroding trust in an industry already grappling with breach fatigue.

In essence, an unmodernized BAA transforms AI’s promise into a liability trap, where a single overlooked clause can cascade into regulatory scrutiny, litigation, and lost patient confidence. Providers who proactively amend their agreements are not only mitigating these risks but also positioning themselves to leverage AI more securely and ethically.

The healthcare providers best positioned for the next phase of AI adoption are those whose contracts reflect the technology they are actually deploying today. Your patients have always trusted you with their most sensitive information. In the AI era, that trust now travels further and lasts longer than most of us realized just a few years ago. Staying current on these evolving issues has never been more critical. For tailored counsel on integrating AI responsibly, contact our healthcare attorneys at (212) 668-0200 or info@mdrxlaw.com.