Defensible AI in healthcare. With the audit to prove it.
A 3–4 week engineering audit of one AI-touching system in your environment. HIPAA, BAA chain, FDA SaMD screening, agentic-attack threat surface, accessibility — the report your privacy officer hands the board.
$20,000–$35,000 · Three to four weeks · T&M with cap
[Figure: schematic of a patient-portal AI surface with the AI vendor, EHR, portal and audit-log layers stacked, and a translucent "BAA chain" ribbon threading through every layer with break-points highlighted.]
A vendor pilot graduated. Now your privacy officer is asking what you’re exposed to.
A vendor pilot graduated. Or an innovation team’s AI-mediated symptom checker shipped to production. Or your patient portal added an AI summary feature. Now your privacy officer has a question — what’s our exposure? — and the answer is some combination of “the vendor said it’s HIPAA-compliant,” “we have a BAA somewhere,” and “we ran axe-core once.” Those answers may not be sufficient under OCR enforcement scrutiny, malpractice discovery, or class-action proceedings. The audit produces evidence-backed documentation calibrated to those scrutiny lenses.
PHI plus AI is a regulated deployment whether or not anyone treated it as one. An innovation team put a pattern-completion engine into a system that holds protected information, and OCR enforcement does not turn on whether the CCO was briefed first. The audit enumerates what was deployed, where it touches PHI, what it can reach, and what it logs; the BAA chain closes the contractual gaps; and the regulatory grounding — 45 CFR 164.302–164.318, FDA AI/ML SaMD screening, breach-notification mechanics — is what makes the deployment defensible under scrutiny rather than a liability surface no one has measured.
Generic compliance audits don’t fix this. Most run a checklist scored from interviews; they don’t read the code, don’t enumerate the BAAs, don’t screen for SaMD exposure, and don’t model the agentic-attack threat surface against your environment specifically. The findings are advisory. The privacy officer’s job is not advisory.
You need an engineering audit. Specific to AI. Specific to healthcare. Specific to your system. BST built HELiX, our open-source healthcare-grade component library built to WCAG 2.2 AA, so the regulatory and accessibility constraints your system has to meet are the constraints we build inside every day. The Compliance Review is not a healthcare-curious security firm doing a side project; it is a healthcare-credentialed engineering audit run by a principal who works inside those constraints as a matter of practice.
What you get
- Compliance gap analysis: Every category of HIPAA Security Rule technical safeguards scored against your environment, with severity per finding, remediation pointer, and 45 CFR 164.302–164.318 control mapping.
- BAA review memo: Every BAA in your AI chain reviewed for scope, sub-processor language, training opt-out, and breach-notification mechanics. Redline recommendations included.
- Remediation roadmap: Phased plan with effort estimates, ownership, and dependencies. Slottable directly into quarterly engineering planning.
- Audit-ready documentation: Control descriptions mapped to regulatory citations. The document the privacy officer hands to the audit committee unmodified.
- Executive summary: One page, plain language, calibrated to the risk register. Designed for board, audit-committee, or external counsel consumption.
- Findings review: 90-minute walkthrough with privacy officer, security lead, and engineering lead. Every finding walked by the BST principal who did the work.
How it works
- Inspection (Week 1). Deliverable: architecture read end-to-end. Code, config, prompts, audit logs, IAM, network topology. We do not begin scoring work until the system is mapped and access is written down.
- Documentation (Week 2). Deliverable: severity-rated findings with file-and-clause citations. Every category scored against the rubric. Findings tagged to the four-class AI technical-debt taxonomy with HIPAA overlay.
- BAA Review (Weeks 2–3). Deliverable: BAA chain reviewed; redline recommendations. Every BAA in the AI chain read. Scope gaps surfaced. Sub-processor language reviewed. Training opt-out and breach-notification mechanics evaluated. Redline recommendations delivered.
- Reporting (Weeks 3–4). Deliverable: final report plus 90-minute findings review. Final report assembled. 90-minute findings review with privacy officer, security lead, and engineering lead. Audit-ready documentation delivered.
Pricing
Engagement model: time and materials with a not-to-exceed cap.
A single AI feature on a single deployment substrate with a single BAA in scope lands at $20K–$25K. A multi-tenant AI surface with hybrid topology and 2–3 BAAs lands at $25K–$30K. Multi-tenant plus a jurisdiction overlay (GDPR, NHS DSPT, state law) lands at $30K–$35K.
Anchor pricing reflects typical engagement ranges. Actual fees are scoped per engagement under time-and-materials with a not-to-exceed cap. Pricing shown does not constitute a binding offer.
Frequently asked questions
Does this provide a HIPAA certification?
Do you sign a BAA?
Will you sign the VPAT?
Can BST do the remediation work too?
What if you find a reportable breach indicator?
Do you cover GDPR / state law / international jurisdictions?
- EU GDPR
- UK NHS DSPT
- California CMIA
- Texas HB 300
Can this be done remotely?
How is this different from our HITRUST or SOC 2 audit?
- Prompt logging and retention
- Embedding scope and PHI-leakage paths
- Agent governance and tool-call audit
- FDA SaMD exposure under 21 CFR 820
Often combined with
- Patient Portal Accessibility Audit: Every healthcare-AI surface is also a patient-facing surface. HIPAA here; WCAG there. The usual companion engagement for patient portals, and the anchor of the design-systems and accessibility practice.
- AI Security Review: Different angles on the same trust path. HIPAA-shaped findings here, OWASP / agentic-attack lens there. A companion engineering audit when the AI surface warrants both.
Give your privacy officer a defensible answer.
Three to four weeks. Engineering audit. BAA before any access. Findings your audit committee can act on.