Skip to main content

Blueprint: The Healthcare AI Companion

HIPAA-Compliant PII Redaction for Medical Agents

Healthcare agents processing patient data must ensure that Protected Health Information (PHI) is never logged or exposed to unapproved model providers. This blueprint shows how to use Surgical Redaction to mask medical identifiers in real-time.

Architecture

1. Master Policy Definition

Enable PII scanning with surgical masking for medical applications.

{
  "name": "hipaa-compliance-policy",
  "priority": 9000,
  "rules": [
    {
      "id": "medical-pii-masking",
      "effect": "allow",
      "principals": ["agent:nurse-companion"],
      "actions": ["llm.generate"],
      "resources": ["*"]
    }
  ],
  "content_policy": {
    "enable_pii_detection": true,
    "pii_action": "mask",
    "blocked_patterns": ["\\b[A-Z]{2}\\d{6}[A-Z]\\b"]
  }
}

2. Implementation

LangChain Implementation

from langchain_openai import ChatOpenAI
from langchain.schema import HumanMessage
import os

# Configure the LLM to use the Control Zero Gateway
llm = ChatOpenAI(
    model="gpt-4o-mini",
    openai_api_base="http://cz-gateway:8001/v1",
    openai_api_key="cz_live_healthcare_key", # Managed key in Vault
    default_headers={
        "X-ControlZero-Project-ID": "health-prod-01",
        "X-ControlZero-User-Role": "nurse"
    }
)

def process_transcript(transcript: str):
    # Control Zero Gateway will automatically scan the 'content' field
    # and replace PII with [REDACTED_ENTITY_TYPE] before forwarding.
    messages = [
        HumanMessage(content=f"Summarize this patient interaction: {transcript}")
    ]

    try:
        response = llm.invoke(messages)
        return response.content
    except Exception as e:
        return f"Compliance Block: {e}"

# Scenario: Transcript containing sensitive patient data
raw_transcript = "Patient Jane Doe (SSN: 123-45-6789) is showing signs of respiratory distress."
summary = process_transcript(raw_transcript)

# RESULT: The LLM only ever sees:
# "Patient [NAME] (SSN: [SSN]) is showing signs of respiratory distress."
print(f"Safe Summary: {summary}")

3. Validation Checklist

  • Redaction Verification: Send a test payload with an SSN and verify the LLM response mentions "[SSN]" instead of the raw digits.
  • Provider Logs: Inspect OpenAI/Anthropic logs (if accessible) to confirm they never received raw PHI.
  • Local Storage: Ensure your own application logs only contain the masked output returned by the gateway.