Original article appeared here.
The minimum necessary standard was designed to limit PHI access to exactly what a task requires. AI agents have no concept of minimum. They retrieve everything they can reach.
Healthcare has spent thirty years building a compliance culture around a deceptively simple idea: access to patient information should be limited to what is actually needed for the task at hand. That idea has a name in HIPAA. It is called the minimum necessary standard, and it is one of the foundational requirements of the Privacy Rule. It applies to every use, disclosure, and request for protected health information across every covered entity and business associate in the United States.
It was also written for a world where a human being made every access decision.
The standard applies to every covered entity — hospitals, health systems, physician groups, and health plans alike. But it is in the clinical and administrative workflows of healthcare providers where AI adoption is moving fastest, and where the compliance gap is most immediately visible. Hospitals are deploying AI agents to handle clinical documentation. Health systems are using Copilot across administrative workflows. Revenue cycle teams are building AI-assisted retrieval systems that pull patient records to answer billing and coding questions. Each of these deployments involves PHI. None of them applies the minimum necessary standard in any meaningful operational sense.
What the Standard Actually Requires
The minimum necessary standard requires covered entities to limit the use or disclosure of PHI to what is actually needed to accomplish the intended purpose. For routine disclosures, standard protocols can define what is appropriate. For non-routine ones, HHS requires individual review with documented criteria limiting the data to what the purpose actually demands.
Under HITECH, this obligation extended to business associates — every third-party vendor, platform, or service provider that touches PHI. And in January 2025, the Federal Register published HHS’s first proposed major update to the HIPAA Security Rule in twenty years, strengthening cybersecurity requirements for all systems that process electronic PHI — including AI systems operating across clinical and administrative workflows. AI is now squarely within the compliance framework, not as a future concern but as a current obligation.
What AI Agents Actually Do
When a health system deploys an AI agent across its clinical or administrative workflows, the agent does not apply the minimum necessary standard. It cannot. The standard requires a judgment: given this specific task and this specific purpose, what is the minimum PHI required? That judgment has always been exercised by a human being who understood the task, the patient relationship, and the regulatory obligation attached to it.
The agent retrieves what it can reach. It does not ask whether a patient’s full medical history is necessary to answer a prior authorization question. It does not ask whether surfacing psychiatric records in the context of a billing inquiry exceeds what the task requires. It makes a retrieval decision, not a compliance decision.
This is the same judgment gap the previous articles in this series have described across financial services and the developer ecosystem. In healthcare, that gap has a specific regulatory name and a thirty-year enforcement history behind it.
The Specific Failure Mode
The failure mode in healthcare AI is not the classic breach — an unauthorized party accessing patient records. That risk is well understood and extensively controlled.
The emerging failure mode is the authorized agent, operating within legitimate access boundaries, retrieving and exposing more PHI than the specific task required. A Copilot summarizing a patient’s case for an administrative purpose may surface clinical details that exceed what the minimum necessary standard permits. An AI agent answering a coding question may retrieve a complete record when a single encounter note was the only appropriate scope. A retrieval system supporting prior authorization may pull PHI across multiple episodes of care when one diagnosis was all the purpose required.
None of these scenarios involve unauthorized access. All of them may constitute minimum necessary standard violations. And none of them would be visible to a DLP system or access log review, because the access itself was authorized.
Why Policy Cannot Solve This
A policy that says “AI systems should follow the minimum necessary standard” does not satisfy the requirement. The standard demands that the criteria be applied at the moment of access — inside the workflow, before the PHI appears in an output.
Writing a policy and auditing after the fact is not minimum necessary compliance. It is documentation of a violation that has already occurred.
The proposed 2025 Security Rule update makes the regulatory direction clear: AI is not exempt from HIPAA’s structural requirements. It is subject to them with the same rigor as any other system that touches PHI. The obligation does not diminish because the access is faster, more automated, or mediated by a model rather than a person.
The Standard the Human Always Applied
The minimum necessary standard was never primarily a technical requirement. It was a behavioral one. Covered entities implemented it by training workforces to exercise judgment about what PHI was appropriate for each task. The compliance infrastructure was built on the assumption that a human being would make those judgments at the point of access.
When an AI agent enters the workflow, that assumption breaks. The agent has the access. It does not have the judgment. And the minimum necessary standard does not disappear because the person who used to apply it has stepped back.
HIPAA tells you exactly what the rule is: the minimum necessary to accomplish the intended purpose. The question AI deployments now have to answer is who, or what, applies that standard inside the reasoning loop where the access actually happens.
The regulation is not ambiguous. The compliance gap is not theoretical. It is already open in every health system that has deployed AI without answering that question.
Original article appeared here.