HIPAA-Compliant AI Memory for Healthcare Agents

#governance #machinelearning

Healthcare AI agents handle PHI every session. Delete sensitive data = lose clinical context. Store raw = HIPAA violation. Deterministic tokenization solves both. Here's how it works (with code).

The problem: healthcare AI agents handle PHI every session

A patient asks your clinical AI assistant about their medication schedule. The agent responds correctly. Three days later, the same patient returns with a follow-up question. The agent has no memory of the prior session. The patient repeats themselves. The clinical workflow breaks.

This is the state of most healthcare AI deployments today — and it's not a product failure. It's a compliance decision made without a good alternative.

Healthcare AI teams face a genuine constraint: AI agent memory requires storing what agents learned, and what agents learn in clinical contexts is PHI. Patient names, dates of birth, diagnoses, medication histories, appointment preferences — all protected under HIPAA.

Most teams choose one of two inadequate paths:

Delete everything after each session. Compliant, but clinically useless. Every session starts from zero.
Store raw session data. Functional, but a HIPAA violation waiting to happen.

There's a third path. Deterministic tokenization before storage — and it's what makes HIPAA-compliant persistent AI memory possible.

Why deletion doesn't work for clinical AI

Consider what persistent memory actually enables for a healthcare AI agent:

A patient mentions they're allergic to penicillin. The agent never asks again.
A patient prefers morning appointments. The agent factors this in automatically.
A chronic care patient has 18 months of history. The agent has that context, not just today's complaint.
A high-anxiety patient responded poorly to a specific communication style. The agent adapts.

None of this works if memory is session-scoped. Deleting PHI after every session doesn't protect patients — it makes the AI so limited it's not worth deploying.

Deterministic tokenization: cross-session continuity without PHI storage

The solution is transforming PHI into tokens before storage — using a deterministic process that produces the same token for the same input every time.

This matters for a specific reason: same patient, same token. If "John Smith DOB 1974-03-19" always hashes to PAT-7f3a2c, then the agent can retrieve all memories associated with that patient across every session — without ever storing "John Smith" or "1974-03-19" in the memory database.

How it works:

Session data arrives with raw PHI embedded in context
PII detection identifies protected fields: names, DOBs, MRNs, diagnoses, medication names
HMAC-SHA256 tokenization maps each PII element to a deterministic token using a secret key
Redacted context is stored — PHI is replaced with tokens. The database never contains raw PHI.
Retrieval uses the same tokenization process — same patient identifier → same token → full history

Implementation: writing HIPAA-safe memory with the TCL API

Step 1: Write memory — PII tokenized automatically

const response = await fetch("https://tracecontinuity.com/v1/memories", {
  method: "POST",
  headers: {
    "Authorization": "Bearer mnm_your_api_key",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    agent: "clinical-intake",
    content: "Patient Jane Doe (DOB: 1982-07-14, MRN: 4422981) reports penicillin allergy. Prefers morning appointments. Currently on lisinopril 10mg.",
    retention: "365d"
  })
});
// Stored: "Patient [NAME_TOKEN_a3f9] (DOB: [DATE_TOKEN_b7c1], MRN: [MRN_TOKEN_d2e8]) reports penicillin allergy..."
// Governance event logged: pii_redacted, 3 PII types detected
// No raw PHI in storage

Step 2: Verify deterministic token matching

const crypto = require("crypto");

function tokenizePii(value, type, secretKey) {
  const normalized = value.toString().toLowerCase().trim();
  const hmac = crypto.createHmac("sha256", secretKey);
  hmac.update(`${type}:${normalized}`);
  return `${type.toUpperCase()}_TOKEN_${hmac.digest("hex").substring(0, 8)}`;
}

// Session 1 — March:
const token1 = tokenizePii("Jane Doe", "NAME", process.env.TOKENIZATION_KEY);
// → "NAME_TOKEN_a3f91c7b"

// Session 2 — June (completely separate):
const token2 = tokenizePii("Jane Doe", "NAME", process.env.TOKENIZATION_KEY);
// → "NAME_TOKEN_a3f91c7b" (identical — deterministic)

console.log(token1 === token2); // true — cross-session retrieval confirmed

Same patient, same token, every time. The memory retrieval path never requires raw PHI.

Audit trail: what HIPAA actually requires

HIPAA's Security Rule (45 CFR § 164.312(b)) requires audit controls that record and examine activity in systems containing PHI.

For AI agent memory, that means records for every write, read, and deletion — with no raw PHI in the audit logs themselves.

Trace Continuity logs every PII detection event to a tokenization_events table: pii_type, token_prefix (8 chars only), tenant_id, occurred_at. Full tokens and raw PHI never appear in logs.

curl -X GET "https://tracecontinuity.com/v1/usage" \
  -H "Authorization: Bearer mnm_your_admin_key"
# Returns:
# {
#   "total_memories": 1847,
#   "memories_pii_redacted": 412,
#   "api_calls_this_period": 9334,
#   "tier": "enterprise"
# }

Retention policy enforcement

// Clinical session memory — retain for 1 year
body: JSON.stringify({
  agent: "clinical-intake",
  content: "...",
  retention: "365d"  // Auto-expired after 365 days
})

// Acute care note — short retention
body: JSON.stringify({
  agent: "urgent-care-bot",
  content: "...",
  retention: "30d"
})

TTL enforcement happens at the infrastructure layer. Records auto-expire. Deletion events are logged.

What this means for your HIPAA BAA

If you're deploying AI agents in a covered entity context, your memory infrastructure provider needs to sign a BAA. Trace Continuity's architecture is designed for this:

PHI tokenized before storage — data at rest contains no raw PHI
Audit logs record detection events without retaining PHI
Retention policies enforced at infrastructure layer
Multi-tenant isolation at the API key layer — not by convention

Contact support@tracecontinuity.com to discuss BAA terms for enterprise healthcare deployments.

Try it live

The Playground lets you test PHI tokenization in real time — submit text containing patient data and see exactly what gets stored. No API key required.