About one in five care teams mistakenly believe they don’t need a business associate agreement (BAA) when using AI email assistants that handle protected health information (PHI), a misunderstanding that can leave organizations exposed to serious HIPAA violations. Research from Paubox in 2025 paints a similar picture: fewer than half of healthcare organizations have BAAs in place for their AI email tools.
At the same time, vendors are racing to position AI as part of the security solution. New email protection tools promise HIPAA-aligned features such as phishing detection and adaptive threat monitoring, but those claims only hold up if healthcare organizations confirm that data is fully encrypted and never retained or reused. Once developers handle PHI, they become business associates under the law. The problem is that many AI tools fall into gray areas, where PHI is pasted into systems that were never designed with healthcare compliance in mind.
The bottom line is email AI isn’t automatically HIPAA compliant. Whether it helps or hurts depends on the basics, clear vendor agreements, strong security controls, documented audits, and a serious approach to risk management.
A quality improvement project at Stanford Health Care offers a clear picture of how AI can ease the daily burden on clinicians. In a five-week pilot involving 162 physicians, advanced practice providers, nurses, and pharmacists, a HIPAA compliant, EHR-integrated large language model was used to draft replies to patient messages.
On average, clinicians relied on the AI for about 20% of their responses, a level of adoption that emerged organically without mandates or heavy training. The impact on well-being was measurable: physician task load scores dropped from 61.3 to 47.3, and work exhaustion scores fell from 1.95 to 1.62. Notably, these gains came without any change in reply, read, or write times, showing that the tool reduced cognitive strain even when it didn’t shorten the clock.
What makes generative AI especially useful is its ability to handle the ‘last mile’ of patient communication, turning clinical language into clear, patient-friendly messages and helping staff respond faster without burning out. Nurses, who manage some of the highest message volumes, have been among the biggest users.
AI has introduced privacy challenges in healthcare that HIPAA was never fully designed to handle. The law was built around a world where patient information moved in fairly predictable ways, shared by people, between known organizations, and under defined oversight. In a chapter from a Research Handbook on Health, AI and the Law an expert puts it, “AI relies on vast quantities of data that travel from one context to the other, draws inferences that were never present in the data and can be used in unforeseen ways,” which clashes with the way HIPAA’s protections were structured around discrete clinical use cases.
Information that once seemed safely anonymized can be pieced back together when multiple datasets are combined, exposing patient identities in ways HIPAA never anticipated. At the same time, many AI tools operate as ‘black boxes,’ producing results without clear explanations of how decisions were made. That lack of transparency makes it harder to apply core HIPAA principles like the ‘minimum necessary’ standard, because it’s no longer clear what data is truly required, or how much of it the system is actually using behind the scenes.
Not every company building or hosting AI tools qualifies as a business associate under HIPAA, which means sensitive health data can end up being shared or processed outside the law’s traditional safeguards. Cloud-based training, global data flows, and third-party integrations all increase the risk that patient information travels far beyond the healthcare organizations that originally collected it.
Bias and automation deepen these concerns. Algorithms trained on historical data can quietly reinforce inequities, generating errors or assumptions that aren’t always easy to audit or even detect. And with generative AI systems that learn continuously, like chatbots handling patient questions, information can be absorbed and reused continuously, often without the clear, one-time consent structures HIPAA relies on.
Paubox’s use of generative AI for inbound email security stands out in healthcare because it strengthens protection without creating the compliance risks often tied to chatbot-style tools. Instead of handling outbound patient messages that may contain PHI, and potentially sending that data to external models, Paubox keeps its focus on the front line. Its AI scans incoming messages in as they come in, looking at email headers, language patterns, sender behavior, and attachments to catch AI-generated phishing attempts, spoofing, and malware before they can do harm.
Its gateway-first design fits naturally with HIPAA requirements to create HIPAA compliant email. By noting prevention rather than message creation, Paubox avoids many of the data exposure issues that come with generative reply tools. The platform supports automatic TLS encryption, maintains zero PHI retention, offers HITRUST certification, and provides a BAA. Added protections like ExecProtect stop display-name spoofing, along with DMARC, DKIM, and SPF authentication, helping reduce false positives while still catching the most dangerous threats.
Internal emails containing PHI must follow the same Security Rule requirements as external emails.
Not by default. These services can only be used if configured securely and if the provider signs a BAA with the email vendor.
An email provider becomes a business associate when it stores, processes, or transmits PHI on behalf of a covered entity and therefore must sign a BAA.