HIPAA audit trail — 45 CFR § 164.312(b)
HIPAA's Technical Safeguards rule requires covered entities to implement audit controls that record and examine activity in information systems containing or using electronic protected health information (ePHI). Verdifax is the integrity layer for the AI portion of those records.
What § 164.312(b) actually says
"Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information."
That sentence is intentionally technology-neutral. It doesn't specify a format, a retention period, or a verification model. Audit-control implementations are evaluated on whether they're sufficient to support post-incident investigation and routine review.
Where audit trails fail in AI systems
A typical AI clinical-decision-support system produces a recommendation, the recommendation is logged with a timestamp + user id + model version, and that's the audit record. Two problems:
- The log is editable by anyone with database access. The integrity of the audit record depends entirely on the operator's promise to not modify it.
- The log doesn't reproduce the decision. If a clinician disputes the recommendation, "the model said X" is the entire audit trail — there's no way to reconstruct exactly what the model saw and how the recommendation was generated.
Both problems are exactly what Verdifax is designed to address.
Mapping
| HIPAA audit-control element | Verdifax contribution |
|---|---|
| Records activity in systems using ePHI | Every AI inference touching ePHI produces a sealed manifest hash |
| Tamper-evident | Modifying any sealed field invalidates the hash |
| Reviewable | The PDF audit report at /runs/{id}/report.pdf is suitable for inclusion in incident response |
| Reconstructable | Given the input + program identity, the recommendation is byte-for-byte reproducible |
Practical pattern
For a clinical decision support model:
import verdifax
# 1. Compute a privacy-preserving payload — never include raw PHI in the seal.
import hashlib
phi_hash = hashlib.sha256(patient_record_canonical.encode()).hexdigest()
receipt = verdifax.attest(
payload=f"phi_hash:{phi_hash}\nrecommendation:{model_output}",
program_id="<your-clinical-program-id>",
route_id="cdss-recommendation-v3",
registry_record_hash="<your-registry-record-hash>",
)
# 2. Store ALONGSIDE the recommendation in your existing audit log.
audit_db.insert({
"patient_id": patient.id, # internal id, not PHI
"user_id": clinician.id,
"recommendation": model_output,
"verdifax_seal": receipt.manifest_hash,
"timestamp": utcnow(),
})
The seal goes in your existing audit table. When the incident-response team needs to verify a specific recommendation later, they re-derive the hash from the inputs and confirm match.
Why hash the PHI rather than seal the raw bytes
HIPAA's minimum-necessary principle says you record only what's needed for the audit purpose. The Verdifax seal needs the identity of the input, not its contents. SHA-256 of the canonical PHI representation gives you input-identity without exposing the PHI in the seal record itself.