
System · AI Compliance Copilot

Ask HIPAA questions. Without your data leaving the perimeter.

PIPAA runs on Patient Protect's secure inference layer — or on air-gapped hardware at your practice. No third-party cloud LLM. Architectural compliance, not asserted.

[Screenshot: PIPAA chat interface answering a HIPAA question with a citation-backed response, running locally with zero cloud exposure]

HIPAA mapping

What this satisfies in the Security Rule.

4 citations, each with the specific AI Compliance Copilot behavior that satisfies it. The mapping is the receipt — what you can show an auditor without assembling anything new.

§164.502(a)

Uses and disclosures of PHI

No PHI is disclosed to a third party because no PHI ever leaves your perimeter. Cloud-based AI assistants cannot make this claim.

§164.514(a)

De-identification standard

PIPAA does not require de-identification before processing because processing happens locally. The de-identification gymnastics that govern cloud-AI-with-PHI workflows do not apply.

§164.312(a)(1)

Access control

PIPAA respects your workforce role configuration. The Copilot answers within the scope the asking workforce member is authorized for.

§164.308(a)(4)

Information access management

PIPAA's access patterns are logged in the same audit trail as every other PHI interaction.

What it does

The AI question, answered architecturally.

Every other “HIPAA AI” sends your prompt to a third-party cloud model — OpenAI, Anthropic, Google. Your question (which usually contains the patient context that makes it worth asking) leaves your environment, gets processed by a third party, and may be retained for training. That is not HIPAA-compliant. It cannot be made HIPAA-compliant by policy.

PIPAA solves this with architecture, not policy. Production PIPAA runs in two modes — both keep your prompts away from any third-party cloud LLM: PIPAA Cloud runs on Patient Protect's HIPAA-compliant inference infrastructure (PHI never leaves the PP perimeter, never touches OpenAI or Anthropic), and PIPAA Air-Gapped runs on hardware deployed at your office (PHI never leaves your network at all).

Ask the Copilot a compliance question in plain English. It answers with reference to your actual configuration — your SRA, your policies, your workforce, your audit history — and cites both the regulatory text and the platform records that informed the answer. When the Copilot doesn't know, it says so. It does not hallucinate citations.

How it works

5 mechanisms keep AI Compliance Copilot working.

01

Two deployment modes — both keep PHI away from third-party LLMs.

PIPAA Cloud runs on Patient Protect's secure inference infrastructure: your prompts and data stay inside the PP perimeter, never traverse OpenAI / Anthropic / Google. PIPAA Air-Gapped runs on a Mac Mini M-series (or compatible) deployed at your office: zero outbound network, zero third-party calls. Pick the mode that matches your governance bar — both are architecturally HIPAA-compliant.

02

Retrieval over your platform data.

The Copilot retrieves from your live Patient Protect data when answering. SRA responses, policy text, workforce records, audit events, BAA states — all are accessible to the Copilot within the role scope of the asking member. The answer is grounded in your reality, not generic HIPAA advice.

03

CFR-grounded citations.

Every regulatory claim is cited with a § reference. The Copilot will not assert a HIPAA requirement without the citation. When the citation is contested or evolving, the Copilot says so.

04

Role-scoped responses.

The Copilot respects role permissions. A Medical Care Staff member asking about workforce records gets a different answer than the Office Administrator asking the same question. The model cannot show what the requester is not authorized to see.

05

Audit trail integration.

Every Copilot interaction is logged in the Personnel ePHI Audit when PHI is involved in the query. The audit shows the question, the role, the timestamp, and a hash of the response. Useful both for regulatory documentation and for office governance of AI use.
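As an added illustration (not Patient Protect's code, whose internals the page does not describe), the sketch below shows mechanisms 04 and 05 together: retrieval is filtered by the requester's role before anything reaches the model, and a query that touched PHI leaves an audit entry holding the question, role, timestamp and a SHA-256 of the response. The record schema, the keyword-matching retrieval rule and the sample data are assumptions; the two role names come from the page.

```python
# Hypothetical sketch of role-scoped retrieval plus PHI-gated audit logging.
# Not Patient Protect's code; schema and retrieval rule are assumptions.
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Record:
    kind: str            # "policy", "workforce", "audit" ... (assumed)
    text: str
    roles: frozenset     # roles permitted to read this record (assumed)
    phi: bool = False    # does this record carry PHI?

# Constructed sample platform data; the two role names come from the page.
PLATFORM_DATA = [
    Record("policy", "Workstation screens lock after 5 minutes of inactivity.",
           frozenset({"Office Administrator", "Medical Care Staff"})),
    Record("workforce", "J. Doe completed annual HIPAA training on 2024-03-01.",
           frozenset({"Office Administrator"})),
    Record("audit", "J. Doe viewed the chart of patient MRN-000123 on 2024-04-02.",
           frozenset({"Office Administrator"}), phi=True),
]
AUDIT_LOG = []   # entries: question, role, timestamp, sha256 of the response

def retrieve(question, role):
    """Return only records the asking role may see and the question refers to.
    Scope is enforced before retrieval, so out-of-scope text never reaches
    the model at all (assumed keyword match on record kind)."""
    words = set(question.lower().split())
    return [r for r in PLATFORM_DATA if role in r.roles and r.kind in words]

def answer(question, role):
    hits = retrieve(question, role)
    if not hits:
        response = "I don't have enough context to answer that."
    else:
        response = " ".join(h.text for h in hits)
    if any(h.phi for h in hits):          # log only when PHI was involved
        AUDIT_LOG.append({
            "question": question,
            "role": role,
            "timestamp": datetime.now(timezone.utc).isoformat(),
            "response_sha256": hashlib.sha256(response.encode()).hexdigest(),
        })
    return response

def verify_audit(entry, response):
    """Check that a stored hash matches the response a reviewer is shown."""
    return entry["response_sha256"] == hashlib.sha256(response.encode()).hexdigest()
```

The stored hash lets a reviewer later confirm that a response shown during an audit is the one actually delivered, without the log itself holding PHI.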

Who this is for

Built for the practices that need it most.

Practices that have ruled out cloud AI for compliance reasons.

If your compliance team or counsel has said no to ChatGPT, no to Claude.ai for clinical contexts, no to “we'll use the API with a BAA” — PIPAA is the answer that doesn't require trusting the provider, because the provider isn't in the loop.

Practices that want AI without the AI risk.

Cloud AI assistants are getting capable enough that workforce members will use them with or without office sanction. The shadow AI risk in healthcare is meaningful. PIPAA gives the workforce a sanctioned tool that's actually compliant — reducing the incentive for unsanctioned alternatives.

Specialty practices with high-sensitivity data.

Behavioral health, substance use, reproductive health, HIV care, and similar sectors operate under additional confidentiality restrictions (42 CFR Part 2 in some cases). The cloud-AI compliance gap is widest here. PIPAA's local architecture is particularly well-fit for these contexts.

What you get

5 outcomes you'll feel in week one.

Zero PHI exposure to cloud AI providers.

No prompts leave your perimeter. No data is available for training.

Plain-English access to your compliance state.

Workforce members get answers without learning the platform's UI inside out.

CFR-cited responses.

Every regulatory claim is citation-backed. The Copilot will not bluff.

Sanctioned alternative to shadow AI.

Reduces the workforce pull toward non-compliant tools.

Architectural compliance, not asserted.

Compliance is verifiable in the deployment topology, not in a vendor BAA. Auditors see exactly where data goes — and where it doesn't.

FAQ

What people ask first.

8 questions cover most first-time evaluations.

What's the difference between PIPAA Cloud and PIPAA Air-Gapped?

Both keep your data away from any third-party cloud LLM (OpenAI, Anthropic, Google). PIPAA Cloud runs on Patient Protect's secure HIPAA-compliant infrastructure — the default for Pro subscribers, no setup required. PIPAA Air-Gapped runs on a Mac Mini M-series unit (or compatible) deployed in your office, with zero outbound network — for buyers who require true on-premises and total network isolation. Same Copilot, different deployment topology.

What hardware does PIPAA Air-Gapped require?

A Mac Mini M-series unit (M2 Pro or later recommended) running in your office, or compatible local infrastructure under your control. Patient Protect provides setup guidance; the hardware is a separate purchase. PIPAA Cloud requires no hardware on your side.

How accurate is the model?

PIPAA is purpose-built for HIPAA compliance domains and grounded in retrieval over your live data. Within scope, accuracy is high and citations are verifiable. The Copilot does not pretend to be GPT-4 — it is a domain expert, not a general assistant.

What if PIPAA doesn't know an answer?

It says so. The model is tuned to say “I don't have enough context to answer that” rather than guess. Hallucinated citations are flagged in development and fixed; production behavior is heavily audited.

Can PIPAA write policies for us?

PIPAA can draft policy text grounded in your office's existing configuration. Drafts go through the standard policy adoption flow — review, edit, version, acknowledge. The Copilot is a drafting accelerator, not an auto-adoption mechanism.

Is PIPAA included in the base Patient Protect subscription?

PIPAA Cloud is a Pro plan feature — included, no extra fee, no hardware purchase. PIPAA Air-Gapped requires the Pro subscription plus the Mac Mini (or compatible) hardware as a separate capital purchase. Practices on Core can ask compliance questions through the standard help and documentation surfaces.

Does the public “Ask PIPAA” demo on this site use the same architecture?

No. The free public demo at /ask-pipaa uses Anthropic's Claude to illustrate the PIPAA interface and conversational style. It is not connected to your Patient Protect data and should never receive PHI. Production PIPAA — both Cloud and Air-Gapped modes — runs without any third-party cloud LLM in the loop.

What does “PIPAA” stand for?

Privacy-preserving Inference for the Privacy and Accountability Act. The architecture is documented in detail in our research papers; see /research for the technical write-up.

Next step

Architecture does the compliance work for you.

The hardware sits on a shelf in your office. The model answers in seconds. The compliance is structural, not asserted.

No contracts. No consultants. Starting at $99/mo.