Pretense
Back to Blog
·9 min read
HIPAAComplianceHealthcare

HIPAA Compliance With AI Coding Assistants: A Practical Guide

How AI coding assistants create PHI exposure risk in healthcare software teams. Mutation as a HIPAA technical safeguard, and how the Pretense audit log satisfies HIPAA documentation requirements.

HIPAA Does Not Prohibit AI Coding Tools

Let's start with what the regulation actually says. HIPAA does not prohibit using AI coding assistants. It prohibits transmitting Protected Health Information to unauthorized third parties without a Business Associate Agreement.

The relevant question is not "can we use Claude Code?" It is "does our use of Claude Code transmit PHI or information that references PHI in ways that require safeguards?"

For most healthcare software teams, the answer is yes, and the current practice is inadequate. This guide covers where the exposure lies, what the regulation requires, and how mutation addresses the technical safeguard requirement without forcing developers to change their workflow.

Where PHI Lives in a Healthcare Codebase

Healthcare engineers know that patient records contain PHI. They are generally careful about not pasting patient data into AI tools. The less obvious exposure comes from code that describes PHI structures without containing PHI values.

Consider these examples:

typescript
interface PatientRecord {
  mrn: string;              // Medical Record Number
  dateOfBirth: string;
  diagnosisCodes: string[]; // ICD-10
  attendingPhysicianNPI: string;
  insuranceMemberId: string;

function resolveClaimsByMemberId(memberId: string): Promise<ClaimRecord[]> { return db.query('SELECT * FROM claims WHERE member_id = ?', [memberId]); } ```

Neither of these contains actual patient data. But when sent to an LLM API, they disclose:

- That the system stores medical record numbers (MRN is a PHI identifier under HIPAA's 18 safe harbor identifiers) - That the system stores date of birth (another HIPAA identifier) - That the system stores insurance member IDs (another HIPAA identifier) - The schema of the PHI storage - The database query patterns for accessing PHI

This is not PHI itself. But under HIPAA's definition of individually identifiable health information, transmitting details about the system that stores and processes PHI to an unauthorized third party is a gray area that your compliance counsel will tell you to avoid.

The clearer case: if a developer passes a code file that includes test fixtures with realistic patient data (a common practice in healthcare teams that use production-like data for development), actual PHI is being transmitted to the LLM API.

What HIPAA Requires Technically

The HIPAA Security Rule specifies two categories of safeguards: required and addressable.

For electronic PHI transmission, 164.312(e)(1) requires: "Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network."

For access control, 164.312(a)(1) requires: "Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights."

When code that references PHI structures is transmitted to an LLM API, the API endpoint is not a person or software program that has been granted access rights under your access control framework. The AI provider has not signed a Business Associate Agreement covering this use case (the BAA you may have with your AI provider covers the service itself, not the incidental disclosure of system architecture details in prompts).

The practical implication: you need either a technical safeguard that prevents PHI-adjacent information from reaching the LLM, or a formal BAA with the LLM provider that explicitly covers prompt content, or a determination from your compliance counsel that the code patterns you are sending do not constitute PHI or PHI-adjacent information.

Most healthcare organizations opt for the technical safeguard because it is faster and more defensible than trying to get a custom BAA scope from a major AI provider.

How Mutation Works as a HIPAA Technical Safeguard

Pretense addresses the HIPAA exposure through two mechanisms.

**Identifier mutation**: Before code reaches the LLM API, Pretense replaces PHI-adjacent identifiers with synthetics:

typescript
// What the developer writes (never transmitted):
interface PatientRecord {
  mrn: string;
  dateOfBirth: string;
  diagnosisCodes: string[];

// What the LLM API receives (PretenseMut synthetics): interface _cls5b7a { _v3d8b: string; _v9k1m: string; _v4f2c: string[]; } ```

The LLM receives a structurally equivalent interface with no healthcare-specific identifiers. It can reason about the code structure, suggest improvements, generate tests, and produce refactors. The output comes back with synthetic identifiers, which Pretense reverses before the developer sees the response.

No PHI-adjacent identifiers left the network. The LLM never learned that the system stores MRNs, dates of birth, or insurance member IDs.

**Secrets blocking**: Pretense includes a pattern library that detects PHI in code:

- Medical record numbers (MRN patterns) - DEA numbers - NPI numbers - Insurance member ID patterns - Date of birth in test fixtures - Social Security Numbers

When these patterns are detected in a prompt, Pretense blocks the request and surfaces an error before any transmission occurs.

The Audit Trail as HIPAA Documentation

HIPAA's documentation requirements (164.316) require maintaining written policies and procedures and documentation of actions, activities, or assessments required by the Security Rule.

For AI tool usage, the documentation question auditors increasingly ask is: "How do you document that PHI controls are applied consistently to AI tool usage?"

Without a tool like Pretense, the answer is "developer training and policy attestation." This is weak from an auditor's perspective because it relies entirely on human judgment and has no audit trail.

With Pretense, the answer is: "Every AI coding session produces a structured log entry that includes the session timestamp, the model endpoint, the count of mutations applied, the count of secrets blocked, and the file paths processed. This log is retained for 13 months and available for auditor review."

json
{
  "timestamp": "2026-04-03T09:12:44Z",
  "session": "sess_8c3f",
  "file": "src/claims/resolver.ts",
  "model": "claude-opus-4",
  "endpoint": "http://localhost:9339 -> api.anthropic.com",
  "mutations": 14,
  "secretsBlocked": 0,
  "phiPatternsDetected": 0,
  "roundTripFidelity": "100%"
}

This is a verifiable, machine-generated audit trail, not a policy attestation. It demonstrates that technical controls were applied to the session, not just that a policy exists.

Practical Deployment for Healthcare Teams

For healthcare engineering organizations, the deployment sequence is:

1. Deploy Pretense as a team-wide proxy: install on developer machines, set ANTHROPIC_BASE_URL=http://localhost:9339 in the shared development environment configuration.

2. Enable PHI pattern detection: pretense config set phi-mode=strict enables the full PHI pattern library including MRN, NPI, DEA, and insurance ID patterns.

3. Configure the CI/CD gate: add the Pretense gate to your pipeline to verify that API calls are routing through the proxy. This catches developer machines that are not configured correctly.

4. Export audit logs regularly: pretense audit --export=json --range=90d produces a compliance report. Schedule this as part of your standard security reporting cadence.

5. Update your risk assessment: Document the deployment of technical safeguards in your HIPAA risk assessment.

A Note on Test Data

Test files are a common source of PHI in codebases. Developers create test fixtures with realistic-looking data and sometimes use real patient identifiers from development databases. Pretense detects these patterns during the scan phase, but the underlying issue requires remediation: replace real PHI in test fixtures with synthetic data that follows the same structural patterns.

bash
# Scan for PHI in test files specifically
pretense scan --path tests/ --phi-mode --format report

Cleaning up PHI in test files is a one-time investment that eliminates a persistent compliance risk, regardless of AI tool usage.

[Schedule a demo to see the HIPAA compliance report](/demo) or [review enterprise pricing at /pricing](/pricing).

Share this article

Share on XShare on LinkedIn
Get Started with Pretense →More Articles