On Air · MWS Radio · 122 BPM · Track — Clinical AI Governance

OCR enforcement has collected over $137 million in HIPAA settlements since 1996. The 2024 HHS Security Rule NPRM proposes mandatory encryption at rest, mandatory MFA, and written policies for AI-enabled health technology. The question is not whether your AI infrastructure will face scrutiny — it is whether your BAA chain, your sub-processor inventory, and your incident-response playbook survive the audit. MWS Inc. runs Gemini-only on Vertex AI under an executed GCP BAA, AWS RDS with pgcrypto column-level encryption, documented sub-processor minimization, and a 45 CFR 164.308 incident-response playbook. This page shows the architecture and the citations behind every claim.

MWS  DECK 01
Tempo 122 · 4 / 4 · PATTERN — A
Space play/stop   15 trigger pads   click the DJ
Scroll for the rest of the set
Clinical AI Governance
Review the BAA chain — 30-min compliance discovery See the architecture

Where the pathway breaks — and how we close it

"HIPAA compliant" claims without an executable BAA chain

The 2013 HIPAA Omnibus Rule established that business associates — including health-IT vendors, cloud-service providers, and AI model API providers — are directly liable for HIPAA Security Rule violations. That liability chain runs through the Business Associate Agreement. A vendor who claims HIPAA compliance without producing an executed BAA that covers their AI inference pipeline, their vector database, and their analytics stack is claiming compliance for a chain they do not control. The OCR has collected over $137 million in enforcement settlements across 130+ resolution agreements since 1996. The claim and the paper are two different things.

$137M+ OCR enforcement collections since 1996 (130+ resolution agreements) cite

Cost when unaddressed: HHS OCR's 2024 tracking-technology bulletin added a second enforcement vector: online tracking pixels on authenticated clinical pages disclosing PHI to advertising platforms — without HIPAA authorization or BAA — constitute Privacy Rule violations. BetterHelp paid $7.8M and Cerebral paid $7M in FTC enforcement actions on this exact vector. A "HIPAA compliant" claim does not cover what the BAA inventory does not list.

Executed BAA inventory — Vertex AI, AWS, RDS, documented chain

MWS Inc. operates under three executed BAAs that cover the entire AI inference and data storage chain: Google Cloud BAA covering Vertex AI (Gemini API, Embeddings, Vector Search, Model Endpoints), AWS BAA covering 175+ eligible services (EC2, RDS, S3, KMS, CloudWatch Logs, Systems Manager), and no third-party analytics or advertising vendors on authenticated clinical pages. The BAA chain is not aspirational. It is in place before the first byte of PHI touches the system.

3 executed BAAs covering full AI inference + storage chain (GCP Vertex + AWS + RDS) cite
Before "HIPAA compliant" claim without BAA chain documentation cite
After Executed GCP BAA + AWS BAA + per-tenant BAA before first PHI byte cite
Impact on "hipaa compliant" claims without an executable baa chain Methodology →

Multi-vendor AI sub-processor sprawl — undocumented chain

The clinical AI market defaults to multi-model gateways that route PHI to OpenAI, Anthropic, Google, Cohere, and others depending on which model scores best on a benchmark that week. Each vendor in that chain is a business associate who needs an executed BAA. Most multi-vendor AI gateway providers cannot produce individual BAAs per-model-provider — they produce one umbrella agreement that does not cover the underlying model APIs. NIST SP 800-66 Rev. 2 implementation guidance is explicit: covered entities and business associates must identify all sub-processors who create, receive, maintain, or transmit ePHI and document the compliance chain. An undocumented sub-processor chain is a compliance gap, not a feature.

Undocumented sub-processor chains in most clinical AI gateway deployments cite

Cost when unaddressed: The AHA 2024 cybersecurity advisory documents the risk explicitly: clinical AI deployments without per-vendor BAA chains face training-data PHI exposure, model-output PHI leakage, and prompt-injection vectors that extract session notes or patient identifiers. The compliance risk is not theoretical — it fires at the first multi-vendor inference call containing PHI.

Gemini-only on Vertex AI — sub-processor chain of three, fully documented

MWS clinical AI runs Gemini exclusively via Vertex AI (Gemini 2.0 Flash, Gemini 2.5 Flash, Gemini 2.5 Pro). The sub-processor chain is: MWS Inc. (covered entity / operator) → Google Cloud Vertex AI (BAA executed) → AWS RDS (BAA executed). Three vendors. Three documented agreements. No OpenAI. No Anthropic. No Bedrock multi-model. No third-party model gateway. The Gemini-only rule is not a technical preference — it is a compliance architecture decision.

3 vendors fully documented sub-processor chain (vs undocumented multi-vendor sprawl) cite
Before N+ undocumented sub-processors in multi-model gateway cite
After 3 documented sub-processors — GCP Vertex AI + AWS + RDS cite
Impact on multi-vendor ai sub-processor sprawl — undocumented chain Methodology →

Unencrypted PHI in vector databases and application-layer caches

Clinical AI applications that use vector databases for semantic search and retrieval-augmented generation routinely store embeddings of PHI text — session notes, intake forms, assessments — in databases that have encryption at the disk level but not at the column level. Disk-level encryption protects against physical theft of hardware. It does not protect against application-layer access by unauthorized queries, overly broad database roles, or a misconfigured connection string that exposes production data to a development environment. The HIPAA Security Rule technical safeguards under 45 CFR 164.312 require access control, audit controls, and integrity controls. Column-level encryption with role-bound decryption keys satisfies all three where disk-level encryption alone does not.

Disk-level only encryption baseline in most clinical SaaS architecture cite

Cost when unaddressed: The 2024 HHS Security Rule NPRM proposes to make encryption of ePHI at rest mandatory — not addressable. The direction of regulation is toward column-level specificity. Architecture that satisfies the current addressable standard may not survive the next rulemaking cycle. Building to the NPRM's proposed standard now avoids a re-architecture sprint when it finalizes.

pgcrypto column-level encryption on AWS RDS PostgreSQL

MWS clinical data infrastructure uses PostgreSQL on AWS RDS (BAA-covered) with pgcrypto extension for column-level encryption of all PHI fields. Encryption keys are AWS KMS-managed, rotated on a documented schedule, and role-bound so that application-layer queries can only decrypt the columns they are authorized to read. Vector embeddings of clinical text are generated via Vertex AI Embeddings API (BAA-covered) and stored with field-level encryption. An application misconfiguration that exposes the database connection string does not expose decrypted PHI.

Column-level pgcrypto + AWS KMS — PHI field encryption beyond disk-level baseline cite
Before Disk-level encryption — protects against hardware theft only cite
After Column-level pgcrypto + AWS KMS — application-layer access controlled per field cite
Impact on unencrypted phi in vector databases and application-layer caches Methodology →

Multi-LLM gateways sending PHI to OpenAI, Anthropic, and Google simultaneously

The clinical AI product market has converged on multi-model gateways that route the same prompt — potentially containing session notes, assessment scores, or patient identifiers — to multiple model providers depending on latency, cost, and benchmark performance. Each routing decision is a potential unauthorized disclosure if the receiving provider does not have an executed BAA. OpenAI's enterprise agreement covers their API for HIPAA-regulated workloads, but only under specific contract terms. Anthropic's Claude API for HIPAA workloads requires the same. Routing PHI through a model-selector that does not validate BAA coverage at the routing layer is not a clinical AI architecture — it is a compliance exposure running as a product feature.

Multi-model routing PHI to 3+ LLM providers without per-provider BAA validation cite

Cost when unaddressed: FTC enforcement against BetterHelp ($7.8M, 2023) and Cerebral ($7M, 2024) established that PHI disclosure to third parties without proper authorization — even when framed as analytics or model improvement — triggers enforcement at the FTC Act level in addition to HIPAA OCR. Multi-LLM routing is a PHI-disclosure architecture. The FTC enforcement record says what happens when the disclosure is not covered.

Gemini-only architecture — Vertex AI, single-provider BAA, no routing ambiguity

MWS clinical AI sends PHI to exactly one LLM provider: Google Vertex AI (Gemini API family). The Google Cloud BAA covers Gemini API text generation, Embeddings, Vector Search, and Model Endpoints. No prompt routing logic. No model-selector. No fallback to a non-BAA-covered provider. The Gemini-only rule eliminates the routing-ambiguity compliance risk entirely — there is no multi-provider chain to audit because there is no multi-provider chain.

One provider Vertex AI Gemini — single BAA, zero routing ambiguity cite
Before 3+ providers multi-LLM routing with per-call BAA uncertainty cite
After One Vertex AI Gemini — BAA executed, chain auditable cite
Impact on multi-llm gateways sending phi to openai, anthropic, and google simultaneously Methodology →

Shadow-IT clinician AI tools — session notes pasted into ChatGPT

The clinical AI adoption gap is not about enterprise deployments. It is about the therapist or care coordinator who pastes a client's session notes into ChatGPT to generate a progress note or treatment plan draft. Rajkomar, Dean, and Kohane (2019 NEJM) documented the training-data exposure risk in clinical ML deployment. Topol (2019 Nature Medicine) established the human-AI augmentation framework that distinguishes governed AI tools from shadow-IT workarounds. A clinician pasting PHI into a consumer AI tool is an unauthorized disclosure under the HIPAA Privacy Rule's minimum-necessary standard and the business-associate chain requirement. The ONC HTI-1 Final Rule (2024) mandates algorithm transparency and risk management in certified health IT. Consumer AI tools are not certified health IT.

Unauthorized disclosure HIPAA Privacy Rule violation on first paste of PHI into consumer AI cite

Cost when unaddressed: The AHA cybersecurity advisory explicitly names shadow-IT clinician AI as a primary clinical AI deployment risk — prompt-injection vectors, training-data PHI exposure, and model-output PHI leakage all fire in uncontrolled consumer AI usage. The liability lands on the covered entity whose workforce member made the disclosure, not on the AI company whose terms of service disclaim healthcare use.

Governed in-platform AI with BAA — AI augmentation inside the clinical workflow

MWS Inc. platform embeds AI augmentation inside the clinical workflow where it is governed, logged, and BAA-covered — not in a consumer app outside the chain. Progress note drafting, treatment plan structuring, and assessment interpretation all run via Vertex AI Gemini inside the platform's authenticated, encrypted, audit-logged session. The clinician gets the AI augmentation. The BAA chain is intact. The shadow-IT risk is replaced by a controlled audit trail.

In-platform AI augmentation — governed, logged, BAA-covered vs consumer shadow-IT cite
Before Shadow-IT clinician pastes PHI into ChatGPT — unauthorized disclosure cite
After In-platform Vertex AI Gemini — augmentation inside BAA chain, audit logged cite
Impact on shadow-it clinician ai tools — session notes pasted into chatgpt Methodology →

Undocumented incident response — no 45 CFR 164.308(a)(6) playbook

The HIPAA Security Rule administrative safeguards under 45 CFR 164.308(a)(6) require covered entities to implement policies and procedures to address security incidents — including identification, response, and documentation of the incident and its outcome. Most clinical SaaS vendors have a security team that responds to incidents. Most do not have a documented, tested, role-assigned playbook that satisfies the 164.308(a)(6) standard. The OCR enforcement pattern consistently finds undocumented incident response as a contributing factor in breach investigations. Undocumented is not the same as absent — but it cannot be defended in an audit.

Undocumented incident response in most clinical SaaS — 45 CFR 164.308(a)(6) gap cite

Cost when unaddressed: The 2024 HHS Security Rule NPRM proposes to require written incident-response plans with documented recovery time objectives and recovery point objectives — converting the current policy-and-procedures standard into a measurable, testable, mandatory requirement. Architecture that does not have documented RTO/RPO cannot satisfy the proposed standard.

45 CFR 164.308(a)(6) incident-response playbook — documented, role-assigned, tested

MWS clinical infrastructure operates under a documented security-incident-response playbook anchored to 45 CFR 164.308(a)(6): detection via CloudWatch Logs + AWS GuardDuty alerts, triage by role (on-call engineer + compliance lead), containment via AWS Security Groups + IAM policy revocation, assessment for breach-notification trigger (45 CFR 164.400-414), notification chain (covered entity → HHS OCR within 60 days if breach confirmed), documentation of outcome. The playbook is stored in a version-controlled repository and reviewed quarterly. RTO target: four hours. RPO target: one hour.

4hr RTO / 1hr RPO documented incident-response targets satisfying 2024 NPRM proposed standard cite
Before None documented incident-response playbook in most clinical SaaS cite
After Documented 45 CFR 164.308(a)(6) playbook + 4hr RTO + 1hr RPO + quarterly review cite
Impact on undocumented incident response — no 45 cfr 164.308(a)(6) playbook Methodology →

Paper retention claims — no 45 CFR 164.316 audit-log retention

The HIPAA Security Rule documentation requirements under 45 CFR 164.316 require covered entities and business associates to retain documentation of policies and procedures, including audit logs of system activity, for six years from the date of creation or the date when it was last in effect, whichever is later. Most clinical SaaS vendors retain audit logs for 90 days because CloudWatch Logs retention costs money. Six-year retention is expensive. It is also required. An OCR audit that asks for audit logs from three years ago and finds none is not a hypothetical risk — it is the documented pattern in OCR breach investigations.

90 days typical CloudWatch Logs retention in clinical SaaS (vs 6-year 164.316 requirement) cite

Cost when unaddressed: OCR's 2024 tracking-technology bulletin enforcement pattern shows that audit-trail gaps are amplifiers in breach investigations — they convert a potential HIPAA violation into a documented failure of the documentation standard, adding a second violation category to an OCR investigation. Retention that satisfies the 90-day cost optimization does not satisfy the six-year compliance requirement.

Six-year audit-log retention — CloudWatch Logs to S3 with KMS, 164.316 compliant

MWS clinical infrastructure ships audit logs from CloudWatch Logs to an S3 bucket (AWS BAA-covered) encrypted with AWS KMS, with object-lock retention policy set to six years per 45 CFR 164.316. Every AI inference call via Vertex AI Gemini, every PHI field access, every authentication event, and every access-control change is logged to CloudWatch and archived. The retention policy is version-controlled and reviewed at each quarterly incident-response playbook review.

6 years audit-log retention — CloudWatch + S3 + KMS, 45 CFR 164.316 compliant cite
Before 90 days typical clinical SaaS audit-log retention cite
After 6 years CloudWatch → S3 + KMS object-lock, 45 CFR 164.316 compliant cite
Impact on paper retention claims — no 45 cfr 164.316 audit-log retention Methodology →

Methodology

How we measure

BAA chain completeness is audited quarterly: each vendor in the sub-processor chain is verified to have an active, executed BAA covering the specific services handling ePHI, with the BAA document stored in version-controlled compliance repository and reviewed against current service scope. Sub-processor count is defined as the number of third-party entities (distinct from MWS Inc. as operator) who create, receive, maintain, or transmit ePHI in the production clinical AI workflow — per NIST SP 800-66 Rev. 2 sub-processor identification guidance. Encryption coverage is measured as the percentage of PHI database columns covered by pgcrypto column-level encryption with AWS KMS key management — target 100% of PHI fields; disk-level-only encrypted fields are tracked as coverage gaps. Incident-response playbook is validated by tabletop exercise quarterly and by live drill annually — RTO and RPO targets are measured against actual drill times and documented in the compliance repository. Audit-log retention is validated monthly via S3 object-lock policy audit: all CloudWatch Logs export buckets are confirmed to have object-lock retention set to 2,190 days (6 years × 365) with governance mode active.

What counts

  • All Vertex AI Gemini API inference calls handling PHI text, embeddings, or structured clinical data
  • All AWS RDS PostgreSQL transactions on PHI columns under pgcrypto encryption
  • All CloudWatch Logs export to S3 with object-lock retention applied
  • All authentication events, PHI field access events, and IAM policy changes logged to CloudWatch
  • All BAA-covered vendor integrations listed in the sub-processor inventory, reviewed quarterly
  • All security incident events from AWS GuardDuty and CloudWatch Alarms, triaged per 164.308(a)(6) playbook

What doesn't count

  • Non-PHI analytics data (aggregate counts, de-identified metrics) not subject to HIPAA technical safeguards — tracked separately as non-PHI operational data
  • Staging and development environments with synthetic or de-identified data — not part of the production BAA chain unless PHI is intentionally introduced
  • Third-party integrations explicitly excluded from the BAA chain (e.g., public-facing marketing analytics on unauthenticated pages per HHS OCR tracking-technology bulletin)
  • Per-tenant BAA execution timelines — each tenant program signs a BAA before first PHI onboarding; tenant BAA execution is a deployment gate, not a rolling average
  • Model training and fine-tuning activities — MWS Inc. uses Vertex AI Gemini pre-trained models without fine-tuning on PHI; any future fine-tuning activity would require separate BAA scope review
Sources: hhs-45-cfr-164-312-technical-safeguards , hhs-2013-hipaa-omnibus-rule , hhs-2024-hipaa-security-rule-nprm , nist-2017-sp-800-66-hipaa-implementation , google-cloud-2024-vertex-ai-baa , aws-2024-hipaa-eligible-services , fda-2022-software-medical-device-guidance , onc-2024-hti-1-final-rule

How we compare

Sourced from primary citations — not vendor marketing claims.

Us MWS Clinical AI Governance vs Single-vendor "HIPAA compliant" SaaS vs Roll-your-own in-house BAA chain vs Notion + ChatGPT shadow-IT
BAA chain documentation cite Executed: GCP Vertex AI + AWS + RDS + per-tenant BAA before first PHI byte One BAA from vendor — sub-processors often not separately documented Complex, time-intensive — requires legal review per vendor, quarterly updates None — ChatGPT and Notion have no BAA for HIPAA-regulated workloads
LLM provider(s) handling PHI cite One: Vertex AI Gemini (BAA executed) — no routing ambiguity Often multi-model — per-provider BAA validation not always guaranteed at routing layer Varies by in-house infrastructure — often still routes to cloud APIs without per-API BAA Consumer ChatGPT: no HIPAA authorization, unauthorized disclosure on first prompt
PHI encryption at rest cite Column-level pgcrypto + AWS KMS — application-layer access controlled per PHI field Disk-level only in most implementations — protects hardware theft, not application access Depends on in-house DBA configuration — often disk-level, rarely column-level Consumer cloud storage — no PHI encryption posture at all
Audit log retention cite 6 years: CloudWatch → S3 + KMS object-lock, 45 CFR 164.316 compliant Typically 90 days — cost optimization overrides compliance requirement Inconsistent — depends on in-house ops budget and CloudWatch configuration Zero — no audit trail exists for shadow-IT tools
Incident response playbook cite Documented 45 CFR 164.308(a)(6) playbook — 4hr RTO / 1hr RPO / tabletop quarterly Often ad hoc — security team exists but documented playbook rarely tested Requires building from scratch — most in-house builds underinvest in IR documentation None — no incident response exists for shadow-IT workflows
Shadow-IT risk management cite AI augmentation inside governed platform — no clinician pathway to consumer AI for clinical work Depends on user-education policy — no technical control on workforce ChatGPT use In-house governance can address if policies enforced — rarely is at the technical layer Shadow-IT IS the architecture — every clinical AI action is ungoverned
FDA CDS boundary compliance cite Non-autonomous, clinician-reviewable outputs — outside FDA device territory per 2022 guidance Varies by vendor — AI tools that provide autonomous recommendations may require FDA review Depends on what in-house team builds — autonomous CDS crosses FDA boundary ChatGPT is not CDS software — its recommendations have no clinical-device regulatory status
FTC enforcement exposure cite Zero third-party advertising on authenticated clinical pages — tracking-technology bulletin compliance Depends on analytics stack — many vendors use Google Analytics or Meta Pixel on clinical pages In-house teams often add analytics without PHI-disclosure review Consumer AI has already triggered FTC enforcement at $7.8M (BetterHelp) and $7M (Cerebral)
Founder credibility Built by Matthew Sexton, LCSW — practicing clinician who built compliance for $10M HIPAA operation Vendor engineering team — no clinician at the architecture table In-house IT team — compliance expertise depends on budget and hiring No compliance governance — clinician as both user and compliance gap

Frequently asked questions

What does 'HIPAA compliant' actually mean for a clinical AI vendor?
"HIPAA compliant" is a claim about a compliance posture — not a certification. Unlike SOC 2 or ISO 27001, there is no third-party body that issues a HIPAA compliance certificate. What the claim means depends entirely on what BAAs are executed, which technical safeguards are in production, and whether the documentation chain survives an OCR audit. The HHS HIPAA Omnibus Rule (2013) established that business associates — including AI API providers, cloud hosting vendors, and analytics platforms — are directly liable for HIPAA Security Rule violations. That liability chain runs through the Business Associate Agreement. A vendor who cannot produce an executed BAA covering each entity in their ePHI handling chain is claiming compliance for a chain they do not control. OCR has collected over $137 million in enforcement settlements across 130+ resolution agreements since 1996. Ask for the BAA inventory, not the claim.

Cited: hhs-2013-hipaa-omnibus-rule , hhs-ocr-2024-rights-of-access-enforcement , nist-2017-sp-800-66-hipaa-implementation

Why does MWS clinical AI run Gemini-only on Vertex AI instead of a multi-model gateway?
Multi-model gateways route PHI to multiple LLM providers — often OpenAI, Anthropic, Google, and Cohere simultaneously — based on latency, cost, and benchmark performance. Each provider in that routing chain is a business associate who needs an executed BAA. Routing logic that does not validate BAA coverage at the routing layer before each inference call is a compliance architecture risk, not a feature. MWS Inc. runs Gemini exclusively via Vertex AI because the Google Cloud BAA covers the full Gemini API family (Gemini 2.0 Flash, Gemini 2.5 Flash, Gemini 2.5 Pro), Embeddings API, Vector Search, and Model Endpoints under a single executed agreement. The sub-processor chain is three vendors — MWS Inc., Google Cloud Vertex AI, AWS RDS — all with executed BAAs, all documented. There is no routing ambiguity because there is no routing. The Gemini-only rule is a compliance architecture decision, not a technical benchmark preference.

Cited: google-cloud-2024-vertex-ai-baa , hhs-2013-hipaa-omnibus-rule , ftc-2023-betterhelp-enforcement

What is pgcrypto column-level encryption and why does it matter for PHI?
pgcrypto is a PostgreSQL extension that provides column-level encryption — individual database columns holding PHI are encrypted with keys managed separately from the database connection. On AWS RDS (BAA-covered), this means that disk-level encryption (which AWS provides by default) is complemented by application-layer encryption where the decryption key is managed by AWS KMS, not embedded in the application code or database configuration. The practical difference: disk-level encryption protects against physical hardware theft. Column-level pgcrypto encryption protects against application-layer access by unauthorized queries, overly broad database roles, and misconfigured connection strings that would otherwise expose plaintext PHI. The HIPAA Security Rule technical safeguards under 45 CFR 164.312 require access control and audit controls on ePHI systems. Column-level encryption with role-bound KMS keys satisfies both requirements where disk-level encryption alone does not. The 2024 HHS Security Rule NPRM proposes to make encryption at rest mandatory rather than addressable — column-level is the architecture that satisfies both the current and proposed standard.

Cited: hhs-45-cfr-164-312-technical-safeguards , hhs-2024-hipaa-security-rule-nprm , aws-2024-hipaa-eligible-services

How does MWS Inc. handle security incidents and breach notification?
MWS clinical infrastructure operates under a documented incident-response playbook anchored to 45 CFR 164.308(a)(6). Detection runs via AWS CloudWatch Logs alarms and AWS GuardDuty threat detection. Triage follows a role-assigned escalation sequence: on-call engineer for initial containment, compliance lead for breach-notification assessment. Containment uses AWS Security Groups (network isolation) and IAM policy revocation (access revocation). Breach-notification assessment uses the four-factor risk assessment per 45 CFR 164.402 to determine whether a reportable breach occurred. If a breach is confirmed, notification runs to the affected covered entity within 60 days per 45 CFR 164.408, and to HHS OCR within 60 days of discovery per 45 CFR 164.412. The playbook is stored in a version-controlled compliance repository, reviewed quarterly, and tested via tabletop exercise quarterly and live drill annually. RTO target is four hours. RPO target is one hour. These targets are measured against actual drill times and documented in the compliance repository.

Cited: hhs-45-cfr-164-312-technical-safeguards , hhs-2013-hipaa-omnibus-rule , nist-2017-sp-800-66-hipaa-implementation

Is MWS Inc. clinical AI subject to FDA medical device regulation?
MWS clinical AI tools are designed as non-autonomous augmentation — they draft progress notes, structure treatment plans, and surface assessment-score patterns for clinician review, but they do not provide diagnostic or treatment recommendations that clinicians cannot independently review and override. FDA's 2022 Clinical Decision Support Software guidance clarifies the regulatory boundary: CDS software that provides transparent rationale that clinicians can independently review falls outside FDA medical-device territory. CDS software that provides diagnostic or treatment recommendations based on opaque AI reasoning that clinicians cannot independently verify crosses into FDA-regulated medical-device territory requiring premarket review. MWS Inc. platform design keeps every AI-generated output in the clinician-reviewable, clinician-overridable category. The ONC HTI-1 Final Rule (2024) separately requires Decision Support Intervention transparency for AI/ML models embedded in ONC-certified EHRs — MWS Inc. AI tools satisfy the DSI transparency standard because the model (Vertex AI Gemini), the data inputs (clinician-provided session context), and the output type (draft text for clinician review) are all disclosed to the end user.

Cited: fda-2022-software-medical-device-guidance , onc-2024-hti-1-final-rule , topol-2019-deep-medicine

Founder thesis

Why this exists

I built this to run for my own private practice. If it can't survive my own HIPAA audit, it doesn't ship for a tenant.

— Matthew Sexton, LCSW

I'm a clinician. I still see clients. I built infrastructure that I would run for my own private practice — because I am running it for my own private practice. That is not a marketing statement. It is the actual architecture constraint. If the system cannot satisfy a HIPAA audit for my PLLC, it does not ship for a tenant program.

The "HIPAA compliant" problem is not unique to AI. It has been the clinical SaaS problem for twenty years. A vendor prints it on their landing page. It means nothing without the BAA inventory. The AI version is worse because multi-model gateways add three or four sub-processors without adding three or four BAAs. The PHI is moving. The paper is not.

The Gemini-only rule is not a preference. It is a compliance architecture decision that keeps the sub-processor chain to three vendors — all documented, all with executed BAAs, all with a clear audit trail. No routing ambiguity. No model-selector that might send session notes to a provider whose agreement expired last quarter.

The pgcrypto rule, the six-year audit-log retention, the 164.308(a)(6) playbook — these are not features. They are the minimum floor of what a healthcare AI system should look like before the first byte of PHI enters the pipeline. I built to that floor because my license is on the line if it is wrong. The bar for a tenant program should not be lower than the bar I set for myself.

Matthew Sexton, LCSW Founder · Mental Wealth Solutions Inc.

Citations

  1. U.S. Department of Health and Human Services (2013). Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules — Omnibus Rule. HHS Office for Civil Rights. Source
    • HHS HIPAA Omnibus Rule (effective March 2013) implementing HITECH Act provisions — established business-associate direct liability for HIPAA violations, expanded breach notification requirements, and updated marketing/fundraising restrictions.
    • Established that business associates (including health-IT vendors and cloud-service providers handling ePHI) are directly liable for HIPAA Security Rule and Breach Notification Rule violations — extending HIPAA enforcement to the entire ePHI handling chain rather than only covered entities.
    • Anchored the modern HIPAA enforcement framework: covered entities and business associates each carry direct compliance obligations, with Business Associate Agreements (BAAs) as the contractual instrument establishing the compliance chain.
    “The 2013 HIPAA Omnibus Rule established business-associate direct liability for HIPAA violations — extending enforcement to the entire ePHI handling chain with Business Associate Agreements as the contractual compliance instrument.”
  2. U.S. Department of Health and Human Services (2024). HIPAA Security Rule To Strengthen the Cybersecurity of Electronic Protected Health Information — Notice of Proposed Rulemaking. HHS Office for Civil Rights. Source
    • HHS OCR Notice of Proposed Rulemaking (December 2024) updating HIPAA Security Rule to strengthen ePHI cybersecurity — first significant Security Rule update since 2013 Omnibus Rule.
    • Proposed updates: mandatory multifactor authentication, encryption of ePHI at rest and in transit, vulnerability scanning, penetration testing, network segmentation, contingency planning with documented recovery time/recovery point objectives, and written policies/procedures for AI-enabled health technology.
    • Established the regulatory direction for HIPAA cybersecurity standards through 2026-2027 — covered entities and business associates must prepare for substantially expanded technical-safeguards requirements.
    “HHS OCR's December 2024 NPRM proposes the first significant HIPAA Security Rule update since 2013 — including mandatory MFA, encryption at rest/transit, vulnerability scanning, network segmentation, and written policies for AI-enabled health technology.”
  3. U.S. Department of Health & Human Services & Office for Civil Rights (2013). HIPAA Security Rule — Technical Safeguards (45 CFR § 164.312). Code of Federal Regulations, Title 45 — Public Welfare. Source
    • Mandates access control, audit controls, integrity controls, person-or-entity authentication, and transmission security as technical safeguards for ePHI.
    • Encryption and decryption are addressable specifications under access control and transmission security — required unless an alternative measure is documented as equally protective.
    • Audit controls require hardware, software, and procedural mechanisms to record and examine activity in systems containing or using ePHI.
    “A covered entity or business associate must implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights.”
  4. U.S. Department of Health and Human Services Office for Civil Rights (2024). HIPAA Right of Access Initiative: Enforcement Actions and Resolution Agreements. HHS OCR Press Releases and Resolution Agreements 2019-2024. Source
    • HHS OCR Right of Access Initiative launched 2019 produced more than 45 resolution agreements and civil money penalties through 2024 against covered entities that failed to provide individuals timely access to their medical records — settlements ranging from $3,500 to $240,000.
    • OCR enforcement themes 2019-2024: failure to provide records within 30-day statutory deadline, charging excessive fees beyond cost-based reasonable amount, requiring impermissible authorizations or in-person appearance, refusing electronic delivery when requested by patient — direct application of 45 CFR 164.524.
    • OCR HIPAA Settlement statistics: total HIPAA enforcement collections exceeded $137 million across 130+ resolution agreements 1996-2024; Right of Access initiative is sustained priority through 2024 OCR strategic plan; tracking-technology bulletin (March 2024) added second priority enforcement vector.
    “HHS OCR Right of Access Initiative produced more than 45 resolution agreements and civil money penalties 2019-2024 — settlements $3,500 to $240,000 — for failure to provide timely medical record access.”
  5. U.S. Department of Health and Human Services Office for Civil Rights (2024). Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates. HHS OCR Updated Bulletin. Source
    • HHS OCR's March 2024 updated bulletin clarifies that online tracking technologies (Google Analytics, Meta Pixel, advertising trackers) on user-authenticated portions of covered-entity websites and apps disclosing protected health information to third parties without HIPAA authorization or business associate agreement constitutes a Privacy Rule violation.
    • OCR distinguishes user-authenticated pages (treatment portals, appointment scheduling tied to identified patient) from unauthenticated public pages (marketing landing pages without patient authentication) — tracking technologies on the latter only constitute violations when combined with PHI in a manner that identifies the visitor as a patient.
    • Bulletin followed multi-million-dollar OCR enforcement against Advocate Aurora Health (3 million patients affected by tracking pixel disclosure), Novant Health, and others — establishing tracking-technology compliance as priority enforcement area for OCR through 2024-2025.
    “HHS OCR's 2024 updated bulletin clarifies that online tracking technologies on authenticated covered-entity pages disclosing PHI to third parties without HIPAA authorization or BAA constitutes a Privacy Rule violation.”
  6. National Institute of Standards and Technology (2024). NIST Special Publication 800-66 Revision 2 — Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. National Institute of Standards and Technology. Source
    • NIST SP 800-66 Rev. 2 (February 2024) provides authoritative implementation guidance for HIPAA Security Rule technical, administrative, and physical safeguards — referenced by HHS OCR as definitive HIPAA Security Rule implementation reference.
    • Establishes detailed technical-safeguards implementation guidance: access control, audit controls, integrity controls, person/entity authentication, transmission security, and encryption — with cross-references to NIST Cybersecurity Framework and NIST SP 800-53 security controls.
    • Anchored the federally-recognized HIPAA Security Rule implementation framework — covered entities and business associates following NIST SP 800-66 implementation guidance establish a defensible technical-safeguards posture.
    “NIST SP 800-66 Rev. 2 provides authoritative HIPAA Security Rule implementation guidance — referenced by HHS OCR as definitive technical-safeguards implementation reference, anchoring federally-recognized HIPAA security architecture.”
  7. Google Cloud (2024). HIPAA Compliance on Google Cloud — Business Associate Agreement and Covered Services. Google Cloud. Source
    • Google Cloud offers Business Associate Agreement (BAA) coverage for Vertex AI services including Gemini API (text-bison, gemini-pro, gemini-1.5-pro, gemini-1.5-flash) — establishing HIPAA-compliant LLM infrastructure for covered entities and business associates.
    • BAA-covered Vertex AI services include: Gemini API for text generation, Embeddings API, Vector Search, Vertex AI Pipelines, Vertex AI Workbench, AutoML, Model Registry, Model Monitoring, and Endpoints — comprehensive ML/AI infrastructure for HIPAA-regulated workflows.
    • Established the BAA-covered LLM cloud infrastructure baseline that enables HIPAA-compliant deployment of large-language-model clinical applications without requiring on-premise model hosting — key infrastructure enabling cloud-native HIPAA AI architecture.
    “Google Cloud Vertex AI BAA coverage includes the full Gemini API family plus Embeddings, Vector Search, AutoML, and Model Endpoints — establishing the BAA-covered LLM cloud infrastructure baseline for HIPAA-compliant clinical AI deployment.”
  8. Amazon Web Services (2024). HIPAA Eligible Services Reference. Amazon Web Services. Source
    • AWS HIPAA Eligible Services Reference documents the comprehensive list of AWS services covered under the AWS BAA — currently 175+ services including EC2, RDS, S3, KMS, Lambda, Bedrock, SageMaker, CloudWatch Logs, Systems Manager, and Aurora.
    • Critical HIPAA-architecture services for healthcare workloads: RDS (encrypted PostgreSQL/MySQL with pgcrypto), S3 with SSE-KMS encryption, Bedrock for LLM inference (BAA-covered foundation models), Systems Manager Session Manager (CloudTrail-logged session-data S3 archival), and CloudWatch Logs for audit trail.
    • Established the AWS BAA-covered services baseline enabling HIPAA-compliant cloud-native architecture for healthcare workloads — key infrastructure enabling HIPAA-compliant deployment without requiring on-premise hosting or self-hosted security infrastructure.
    “AWS HIPAA Eligible Services covers 175+ services under BAA including RDS, S3, Bedrock, SageMaker, and Systems Manager Session Manager — establishing the AWS BAA-covered services baseline for HIPAA-compliant cloud-native healthcare architecture.”
  9. American Hospital Association (2024). AHA Cybersecurity and Risk Advisory Services — Trustworthy AI in Healthcare. American Hospital Association. Source
    • AHA cybersecurity advisory documents healthcare-specific AI deployment risks: training-data PHI exposure, model output containing PHI, third-party AI vendor BAA gaps, prompt-injection vulnerabilities in LLM-enabled clinical applications, and model-drift detection requirements.
    • Documents AHA-recommended trustworthy AI deployment framework: vendor due-diligence with executed BAAs covering AI training and inference, PHI-minimization in prompts and outputs, audit logging of all AI inference calls, and clinical-validation evidence requirements before deployment.
    • Anchored the hospital-association consensus framework for AI deployment in HIPAA-regulated environments — covered entities deploying AI in clinical workflows must address vendor BAAs, PHI minimization, audit logging, and clinical validation as deployment baseline.
    “AHA's cybersecurity advisory establishes the trustworthy-AI deployment framework for HIPAA-regulated environments — vendor BAAs covering AI training and inference, PHI minimization, audit logging, and clinical validation as deployment baseline requirements.”
  10. U.S. Federal Trade Commission (2023). FTC v. BetterHelp Inc.: Proposed Order Imposing $7.8 Million Penalty for Sharing Health Data with Advertisers. FTC Press Release and Proposed Consent Order. Source
    • March 2023 FTC consent order required BetterHelp Inc. to pay $7.8 million in consumer redress for disclosing health-related data — including users' answers to mental health intake questionnaires and email addresses — to Facebook, Snapchat, Criteo, and Pinterest for advertising despite privacy promises to the contrary.
    • FTC found BetterHelp shared identifying user data with third-party advertising platforms between 2017 and 2020, allowing those platforms to use the data for retargeted advertising and audience-building — actions FTC concluded constituted unfair and deceptive practices under FTC Act Section 5.
    • Order prohibits BetterHelp from disclosing personal health information to third parties for advertising purposes, requires comprehensive privacy program with regular third-party audits, and mandates direct consumer notification of the violation — establishing precedent for FTC enforcement of mental health platform privacy promises beyond HIPAA's covered-entity scope.
    “March 2023 FTC consent order required BetterHelp to pay $7.8 million for disclosing mental health intake data to Facebook, Snapchat, Criteo, and Pinterest for advertising — establishing precedent beyond HIPAA's covered-entity scope.”
  11. U.S. Federal Trade Commission (2024). FTC v. Cerebral Inc.: Proposed Order for Disclosing Sensitive Mental Health Data to Advertising Platforms. FTC Press Release and Proposed Consent Order. Source
    • April 2024 FTC settlement with Cerebral Inc. — telehealth mental health platform — required $7 million in consumer redress and prohibited the company from sharing or using sensitive consumer health data for most advertising purposes after data on more than 3.2 million consumers was shared with third parties.
    • FTC complaint alleged Cerebral disclosed personal health information including diagnoses, prescription history, and clinical assessment results to LinkedIn, Snapchat, TikTok, and other ad platforms via tracking pixels and analytics tags — without obtaining HIPAA-required authorizations.
    • Order banned Cerebral CEO Kyle Robertson from most non-therapy health care businesses for ten years and imposed comprehensive privacy program, third-party audit, and direct consumer notification requirements — extending the BetterHelp precedent to a covered entity that simultaneously violated HIPAA and FTC Act Section 5.
    “April 2024 FTC settlement with Cerebral required $7M redress and prohibited sensitive health data sharing for advertising — covering more than 3.2 million consumers and banning the CEO from most health care businesses for 10 years.”
  12. U.S. Food and Drug Administration (2022). Clinical Decision Support Software — Guidance for Industry and Food and Drug Administration Staff. U.S. Food and Drug Administration. Source
    • FDA Clinical Decision Support Software guidance (September 2022) clarifies which CDS software functions qualify as medical devices subject to FDA regulation under the 21st Century Cures Act.
    • FDA-regulated CDS includes software that: provides diagnostic/treatment recommendations not based on transparent rationale clinicians can independently review, processes medical images/signals/patterns, or provides time-critical decisions where clinicians cannot independently review rationale — requiring premarket FDA review.
    • Anchored the FDA medical-device regulatory boundary for clinical AI software — AI/ML systems providing autonomous diagnostic/treatment recommendations cross into FDA-regulated medical-device territory, while non-autonomous reference/educational tools remain non-device.
    “FDA's CDS Software guidance clarifies the medical-device regulatory boundary for clinical AI — autonomous diagnostic/treatment recommendation systems cross into FDA-regulated medical-device territory, while non-autonomous reference tools remain non-device.”
  13. Office of the National Coordinator for Health Information Technology (2024). Health Data, Technology, and Interoperability — Certification Program Updates, Algorithm Transparency, and Information Sharing (HTI-1) Final Rule. HHS ONC. Source
    • ONC HTI-1 Final Rule (January 2024) establishes the first federal regulatory framework for AI/algorithm transparency in certified health IT — including 'Decision Support Interventions' (DSI) certification criteria for predictive AI/machine-learning models embedded in EHRs.
    • DSI certification requires source attribute disclosure for predictive models, intervention risk management practices, and feedback mechanism for end users — establishing the baseline transparency requirements for AI-enabled clinical decision support.
    • Anchored the regulatory baseline for AI in certified health IT — vendors offering AI/ML-enabled clinical decision support to ONC-certified EHRs must satisfy DSI transparency and risk-management requirements as of January 1, 2025 effective date.
    “ONC HTI-1 Final Rule establishes the first federal regulatory framework for AI/algorithm transparency in certified health IT — DSI certification requires source attribute disclosure, intervention risk management, and end-user feedback mechanisms for predictive AI/ML models.”
  14. Alvin Rajkomar, Jeffrey Dean, & Isaac Kohane (2019). Machine Learning in Medicine. New England Journal of Medicine. doi:10.1056/NEJMra1814259
    • Foundational NEJM review establishing the clinical-machine-learning conceptual framework — covering supervised learning for prediction tasks, unsupervised learning for pattern discovery, reinforcement learning for treatment optimization, and key clinical-deployment challenges (data quality, generalizability, interpretability, regulatory).
    • Documents the four major clinical ML deployment challenges: training-data quality and representativeness (population shift), model generalizability across institutions/populations, interpretability for clinician trust, and regulatory framework navigation (FDA medical-device boundary).
    • Anchored the NEJM-level synthesis of clinical machine learning that informed subsequent clinical AI policy frameworks — establishing the clinical-deployment-challenge taxonomy now standard in clinical AI implementation literature.
    “Rajkomar, Dean, and Kohane established the clinical machine-learning deployment-challenge taxonomy — training-data quality, generalizability across institutions, interpretability for clinician trust, and regulatory framework navigation as the four major clinical ML implementation challenges.”
  15. Eric J. Topol (2019). High-performance medicine: the convergence of human and artificial intelligence. Nature Medicine. doi:10.1038/s41591-018-0300-7
    • Foundational synthesis paper anchoring the human-AI clinical convergence framework — establishes that AI in medicine should augment rather than replace clinician judgment, with clinical task automation freeing clinician time for relational/cognitive complexity.
    • Documents AI performance evidence across 14 medical specialties (radiology, pathology, dermatology, ophthalmology, cardiology, gastroenterology, mental health, primary care, neurology, infectious disease, oncology, orthopedics, surgery, anesthesiology) — establishing the multi-specialty evidence base for clinical AI augmentation.
    • Established the 'high-performance medicine' framework now standard in clinical AI literature: AI handles pattern-recognition/prediction tasks, clinicians handle relationship/judgment/synthesis tasks, with deliberate workflow integration to capture both.
    “Topol established the human-AI clinical convergence framework — AI in medicine should augment rather than replace clinician judgment, with clinical task automation freeing clinician time for relational and cognitive complexity beyond AI capability.”

Ready to close the gap?

Review the BAA chain — 30-min compliance discovery See the architecture

Patent Pending — U.S. Provisional Patent Application No. 64/059,214