Endpoint: POST /railscore/v1/compliance/check | Framework code: hipaa | Credits: 5.0 per call
The Health Insurance Portability and Accountability Act establishes standards for protecting sensitive patient health information. The compliance check evaluates whether AI-generated content properly handles PHI and meets HIPAA obligations.

Supported checks

| Area | Rule | What's checked |
|---|---|---|
| PHI handling | Privacy Rule | Whether Protected Health Information is properly safeguarded |
| Minimum necessary | 164.502(b) | Whether access/disclosure is limited to what's necessary |
| BAA requirements | 164.502(e) | Whether Business Associate Agreements are referenced for third-party sharing |
| Breach notification | 164.404-408 | Whether breach notification obligations are addressed |
| De-identification | 164.514 | Whether data meets Safe Harbor or Expert Determination standards |
| Patient rights | 164.524-526 | Right of access to PHI, amendment requests |
| Security safeguards | Security Rule | Administrative, physical, and technical safeguards |

Request

curl -X POST https://api.responsibleailabs.ai/railscore/v1/compliance/check \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_RAIL_API_KEY" \
  -d '{
    "content": "The patient diagnosed with Type 2 diabetes was referred to an endocrinologist.",
    "frameworks": ["hipaa"],
    "context": "Healthcare chatbot assisting clinical staff"
  }'

Response

{
  "result": {
    "overall_compliant": false,
    "frameworks": {
      "hipaa": {
        "compliant": false,
        "issues": [
          {
            "clause": "164.502(b) — Minimum necessary standard",
            "description": "Response includes specific diagnosis information. Verify that the recipient requires this level of clinical detail.",
            "severity": "medium",
            "remediation": "Apply minimum necessary principle: only include PHI elements required for the specific use case. Consider de-identifying where possible."
          }
        ]
      }
    }
  },
  "credits_consumed": 5.0
}

Combine with other frameworks

For healthcare AI operating in the EU, check HIPAA alongside GDPR:

curl -X POST https://api.responsibleailabs.ai/railscore/v1/compliance/check \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_RAIL_API_KEY" \
  -d '{
    "content": "Patient records are stored in US-based cloud infrastructure.",
    "frameworks": ["hipaa", "gdpr"],
    "context": "Telemedicine platform serving US and EU patients"
  }'

Dedicated HIPAA endpoints for PHI detection, de-identification verification, and BAA compliance tracking are under development.
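The following is an added example of how a healthcare chatbot pipeline might call this endpoint and act on the result for both the single-framework and the HIPAA-plus-GDPR requests above. It is not the vendor's SDK or code from this page. It assumes the API key is read from a RAIL_API_KEY environment variable, that severities follow a low/medium/high scale (only "medium" appears on this page), and it applies its own release/review/block policy to the response; the sample response is constructed from the one shown above so the parsing and decision logic run offline.

```python
"""Added example: minimal client and decision logic for the compliance check
endpoint. Hypothetical integration code, not the vendor's own SDK."""
import json
import os
import urllib.request

ENDPOINT = "https://api.responsibleailabs.ai/railscore/v1/compliance/check"
# Assumed severity scale; the page only shows "medium".
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}


def build_request(content, frameworks, context):
    """Build the JSON body used by the page's curl examples."""
    return {"content": content, "frameworks": list(frameworks), "context": context}


def check_compliance(content, frameworks, context, api_key=None, timeout=15):
    """Live call to the endpoint (network; not exercised offline).
    The key is taken from RAIL_API_KEY unless passed in explicitly (assumed variable name)."""
    api_key = api_key or os.environ.get("RAIL_API_KEY")
    if not api_key:
        raise RuntimeError("no API key: pass api_key or set RAIL_API_KEY")
    body = json.dumps(build_request(content, frameworks, context)).encode("utf-8")
    req = urllib.request.Request(
        ENDPOINT,
        data=body,
        method="POST",
        headers={
            "Content-Type": "application/json",
            "Authorization": "Bearer " + api_key,
        },
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def extract_issues(response):
    """Flatten per-framework issue lists into one list, each issue tagged with its framework.
    Works for one framework ("hipaa") or several ("hipaa", "gdpr") in the same response."""
    issues = []
    frameworks = response.get("result", {}).get("frameworks", {})
    for name, fw in frameworks.items():
        for issue in fw.get("issues", []):
            tagged = dict(issue)
            tagged["framework"] = name
            issues.append(tagged)
    return issues


def decide(response, block_at="high"):
    """Turn a check result into a pipeline decision (this example's own policy):
    'release' if overall_compliant, 'block' if any issue is at or above block_at,
    otherwise 'review' so a human sees the remediation text before the reply ships."""
    if response.get("result", {}).get("overall_compliant") is True:
        return "release"
    threshold = SEVERITY_RANK[block_at]
    for issue in extract_issues(response):
        if SEVERITY_RANK.get(issue.get("severity", ""), 0) >= threshold:
            return "block"
    return "review"


# Constructed sample: the response shown on this page, so the logic runs offline.
SAMPLE_RESPONSE = {
    "result": {
        "overall_compliant": False,
        "frameworks": {
            "hipaa": {
                "compliant": False,
                "issues": [
                    {
                        "clause": "164.502(b) — Minimum necessary standard",
                        "description": "Response includes specific diagnosis information. Verify that the recipient requires this level of clinical detail.",
                        "severity": "medium",
                        "remediation": "Apply minimum necessary principle: only include PHI elements required for the specific use case. Consider de-identifying where possible.",
                    }
                ],
            }
        },
    },
    "credits_consumed": 5.0,
}


def summarize(response):
    """Compact record for an audit log: decision, flagged clauses, credits spent."""
    return {
        "decision": decide(response),
        "clauses": [i["framework"] + ": " + i["clause"] for i in extract_issues(response)],
        "credits_consumed": response.get("credits_consumed", 0.0),
    }


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_RESPONSE), indent=2))
```

With the page's own response, `decide` returns "review" under the default policy (a medium-severity minimum-necessary finding is held for a human rather than sent), and "block" if the threshold is lowered to "medium". Logging the summary rather than the raw content keeps PHI out of the audit trail while still recording which clause was flagged and what the check cost.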