System · AI Compliance Copilot

Ask HIPAA questions. Without your data leaving the system.

PIPAA runs entirely on-premises. No cloud calls, no training exposure, no third-party processing. The first AI compliance assistant designed for the architectural reality of healthcare.

Start 14-day free trial Or book a demo

Pro plan·Starting at $99/mo

Patient Protect — AI Compliance Copilot

HIPAA mapping

What this satisfies in the Security Rule.

4 citations, each with the specific AI Compliance Copilot behavior that satisfies it. The mapping is the receipt — what you can show an auditor without assembling anything new.

§164.502(a)

Uses and disclosures of PHI

No PHI is disclosed to a third party because no PHI ever leaves your perimeter. Cloud-based AI assistants cannot make this claim.

§164.514(a)

De-identification standard

PIPAA does not require de-identification before processing because processing happens locally. The de-identification gymnastics that govern cloud-AI-with-PHI workflows do not apply.

§164.312(a)(1)

Access control

PIPAA respects your workforce role configuration. The Copilot answers within the scope the asking workforce member is authorized for.

§164.308(a)(4)

Information access management

PIPAA's access patterns are logged in the same audit trail as every other PHI interaction.

What it does

The AI question, answered architecturally.

Every other “HIPAA AI” sends your prompt to a cloud model. Your question — which often contains the patient context that makes the question worth asking — leaves your environment, gets processed by a third party, and may be retained for training. That is not HIPAA-compliant. It cannot be made HIPAA-compliant by policy.

PIPAA is the answer that took architecture to solve, not policy. The model runs on a local Mac Mini M-series unit deployed in your office or on infrastructure under your control. Your prompts never leave that perimeter. Your data is never available for training. The compliance is structural — verifiable in the network configuration, not asserted in a vendor agreement.

Ask the Copilot a compliance question in plain English. The Copilot answers with reference to your actual configuration — your SRA, your policies, your workforce, your audit history — and cites both the regulatory text and the platform records that informed the answer. When the Copilot doesn't know, it says so. It does not hallucinate citations.

How it works

5 mechanisms keep AI Compliance Copilot working.

On-premises model deployment.

A Mac Mini M-series unit (or compatible local infrastructure) runs the model continuously. The platform connects to the local endpoint over your office network. No outbound traffic to AI providers. No API keys. No usage telemetry transmitted to third parties.

Retrieval over your platform data.

The Copilot retrieves from your live Patient Protect data when answering. SRA responses, policy text, workforce records, audit events, BAA states — all are accessible to the Copilot within the role scope of the asking member. The answer is grounded in your reality, not generic HIPAA advice.

CFR-grounded citations.

Every regulatory claim is cited with a § reference. The Copilot will not assert a HIPAA requirement without the citation. When the citation is contested or evolving, the Copilot says so.

Role-scoped responses.

The Copilot respects role permissions. A Medical Care Staff member asking about workforce records gets a different answer than the Office Administrator asking the same question. The model cannot show what the requester is not authorized to see.

Audit trail integration.

Every Copilot interaction is logged in the Personnel ePHI Audit when PHI is involved in the query. The audit shows the question, the role, the timestamp, and a hash of the response. Useful both for regulatory documentation and for office governance of AI use.

Who this is for

Built for the practices that need it most.

Practices that have ruled out cloud AI for compliance reasons.

If your compliance team or counsel has said no to ChatGPT, no to Claude.ai for clinical contexts, no to “we'll use the API with a BAA” — PIPAA is the answer that doesn't require trusting the provider, because the provider isn't in the loop.

Practices that want AI without the AI risk.

Cloud AI assistants are getting capable enough that workforce members will use them with or without office sanction. The shadow AI risk in healthcare is meaningful. PIPAA gives the workforce a sanctioned tool that's actually compliant — reducing the incentive for unsanctioned alternatives.

Specialty practices with high-sensitivity data.

Behavioral health, substance use, reproductive health, HIV care, and similar sectors operate under additional confidentiality restrictions (42 CFR Part 2 in some cases). The cloud-AI compliance gap is widest here. PIPAA's local architecture is particularly well-fit for these contexts.

Connected to

No module is an island.

AI Compliance Copilotworks because it's connected. Every signal feeds another module; every closure becomes evidence somewhere else.

System layer

Autonomous Compliance Engine

Ask the Copilot about your task queue and get plain-English answers about what's open, what's closing, and why.

Learn more

System layer

Risk Intelligence

Query your risk profile in natural language; the Copilot reads from the same data that drives your dashboards.

Learn more

Intelligence layer

Data Flow Mapper

Ask the Copilot about specific PHI flows; it answers from the live flow map.

Learn more

What you get

5outcomes you'll feel in week one.

Zero PHI exposure to cloud AI providers.

No prompts leave your perimeter. No data is available for training.

Plain-English access to your compliance state.

Workforce members get answers without learning the platform's UI inside out.

CFR-cited responses.

Every regulatory claim is citation-backed. The Copilot will not bluff.

Sanctioned alternative to shadow AI.

Reduces the workforce pull toward non-compliant tools.

Architectural compliance, not asserted.

The compliance is verifiable in network configuration. Auditors get a deployment diagram, not a vendor BAA.

FAQ

What people ask first.

6 questions cover most first-time evaluations. See all FAQs →

What hardware does PIPAA require?

A Mac Mini M-series unit (M2 Pro or later recommended) running in your office, or compatible local infrastructure under your control. Patient Protect provides setup guidance; the hardware is purchased separately.

How accurate is the model?

PIPAA is purpose-built for HIPAA compliance domains and grounded in retrieval over your live data. Within scope, accuracy is high and citations are verifiable. The Copilot does not pretend to be GPT-4 — it is a domain expert, not a general assistant.

What if PIPAA doesn't know an answer?

It says so. The model is tuned to say “I don't have enough context to answer that” rather than guess. Hallucinated citations are flagged in development and fixed; production behavior is heavily audited.

Can PIPAA write policies for us?

PIPAA can draft policy text grounded in your office's existing configuration. Drafts go through the standard policy adoption flow — review, edit, version, acknowledge. The Copilot is a drafting accelerator, not an auto-adoption mechanism.

Is PIPAA included in the base Patient Protect subscription?

PIPAA is a Pro plan feature. The Mac Mini hardware is a separate capital purchase. Practices on Core can ask compliance questions through the standard help and documentation surfaces.

What does “PIPAA” stand for?

Privacy-preserving Inference for the Privacy and Accountability Act. The architecture is documented in detail in our research papers; see /research for the technical write-up.

Continue exploring

Related features in the platform.

System

Autonomous Compliance Engine

Auto-generates work from your SRA. Closes when conditions are met. No manual check-offs. No missed deadlines.

Learn more

System

Risk Intelligence

Risk recalculates the moment a gap closes. Not at quarter-end. Not when you remember to run a report. The picture is always current.

Learn more

Intelligence

Data Flow Mapper

Visual map of every place PHI flows in your practice. Vendors. Systems. Workforce. Find concentration risk before it concentrates into a breach.

Learn more

Next step

Architecture does the compliance work for you.

The hardware sits on a shelf in your office. The model answers in seconds. The compliance is structural, not asserted.

Start 14-day free trial →or book a demo

No contracts. No consultants. Starting at $99/mo.