Healthcare SaaS · Patient support AI
Healthcare platform intercepted 23 PHI disclosures before patient inbox delivery
Published May 10, 2026
Outcome
23 PHI disclosures intercepted · BAA in place · zero HIPAA incidents
The problem
The customer ran an AI-powered patient support bot that answered queries about appointments, prescriptions, and care plans. During a routine compliance review, the security team discovered that the model occasionally echoed back SSNs, DOBs, and partial MRNs extracted from the patient record context window — exactly the kind of disclosure that triggers HIPAA §164.514 notification requirements.
The risk
A single unprotected PHI disclosure to the wrong patient inbox constitutes a HIPAA reportable breach. At $100–$50,000 per violation under HHS Office for Civil Rights enforcement, and with a patient population of 200,000+, the risk exposure was material.
Implementation
Signed a BAA with DataVibe. Deployed the gate at the patient message delivery layer: every bot reply is routed through POST /v1/gate/outbound before the SendGrid send call. The workspace policy uses the healthcare-safeguards bundle: PHI regexes (SSN pattern, MRN pattern, DOB combinations), a personal_data_reference denylist, and a HIPAA_DIAGNOSIS WARN rule. All BLOCKED and QUEUED decisions are written to the tamper-evident audit chain and exported weekly to the compliance officer.
What changed
- 23 PHI disclosure incidents blocked in the first 30 days.
- Zero HIPAA reportable incidents since deployment.
- Audit log exported to compliance weekly — 100% traceability on every bot reply.
- HITL escalation path: high-severity PHI intercepts route to the patient services lead within 4 hours.
Patient support bot — before and after DataVibe
// Before: bot reply sent directly to patient inbox
await sendgrid.send({
  to: patient.email,
  subject: "Re: Your appointment inquiry",
  html: botGeneratedReply, // ← PHI may be present
});

// After: intercept before dispatch
import { DataVibeClient } from "@datavibe.cc/sdk";

const dv = new DataVibeClient({ apiKey: process.env.DATAVIBE_API_KEY });

const result = await dv.intercept({
  recipient: patient.email,
  subject: "Re: Your appointment inquiry",
  body_html: botGeneratedReply,
  source_model: "claude-3-haiku",
  metadata: { patient_id: patient.id, bot_session: sessionId },
});

if (result.status === "BLOCKED") {
  // PHI detected — never sent. Log and escalate.
  await escalateToClinicalOps(patient.id, result.policy_violations);
  return;
}

if (result.status === "QUEUED") {
  // WARN rule fired (e.g. diagnosis language) — human reviews within 4h
  await notifyPatientServicesLead(result.review_url!);
  return;
}

// SENT — all controls passed, patient message delivered