01 What is it?
HIPAA is the US health information protection regime, applying to any system handling protected health information. PCI-DSS is the payment card industry data security standard, applying to anyone handling cardholder data. Both impose specific technical and organisational controls on AI workloads in their scope.
02 Why implement it?
- Required for any AI workload touching PHI or PAN data
- Define specific technical and organisational controls
- Map cleanly to ISO 27001 and SOC 2 baselines
- Specific guidance for cloud, encryption and access
- Audited by accredited bodies or QSAs
03 How I help
I help teams scope HIPAA and PCI-DSS for their AI workloads, design the segmentation, encryption and access controls, build the evidence pack, and coordinate with HIPAA auditors or PCI QSAs.
04 Expected deliverables
- Scoping assessment for HIPAA or PCI-DSS
- Segmentation, encryption and access design
- Control implementation plan
- Evidence pack and audit coordination
- Operating model post-audit