What is medical-grade private AI?
Medical-grade private AI means running AI features on private or dedicated infrastructure using open-weight models, so protected health information (PHI) stays inside a controlled boundary and is never used to train a third-party model — built and validated under the same frameworks (IEC 62304, ISO 14971, FDA AI/ML guidance) that govern any medical-device software.
It is the opposite of pasting clinical data into a consumer chatbot. The model, the data, and the controls around them are treated as part of a regulated system, not an unmanaged black box.
Why can’t medical teams just use public LLM APIs?
Because the medtech objection to public LLM APIs is threefold: patient data leaving the trust boundary to a third party, prompts and outputs being used to train someone else’s model, and uncontrolled retention of PHI. Each is disqualifying on its own for regulated health data.
A defensible deployment answers all three: keep data inside a boundary you control, choose models and hosts that do not train on your data, and design for zero or known retention with encryption and access logging.
How do you keep PHI private when adding AI?
By deploying open-weight models in one of three private patterns — self-hosted/on-prem, a private VPC connection to a HIPAA-eligible managed platform under a signed BAA, or a logically isolated single-tenant endpoint — so prompts and PHI never reach a shared, public model.
- Self-hosted (e.g. vLLM with open weights): PHI never leaves your infrastructure; maximum control, highest operational responsibility.
- VPC / private connectivity (e.g. AWS Bedrock via PrivateLink): private network path, no public internet exposure, under a Business Associate Agreement.
- Dedicated / single-tenant inference (e.g. Fireworks AI, Azure OpenAI, Together): logically isolated workloads with no cross-tenant access and no-training defaults.
Two clarifications matter. "SOC 2" is an independent auditor’s attestation that controls operated effectively over a period — not a certification, and not the same as HIPAA. And "HIPAA-eligible" infrastructure can be used for PHI under a Business Associate Agreement, but compliance itself is an organizational obligation (risk analysis, safeguards, training, breach response, BAAs down the chain), not a product you can buy.
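The "private network path" and "access logging" points above can also be enforced in the client, as in this added example (not code from this page or any vendor named on it): a fail-closed guard that sends a prompt only when the inference hostname resolves entirely inside a trusted CIDR, and writes an audit record holding a keyed digest instead of the prompt text. The CIDR `10.20.0.0/16`, the hostname `llm.internal.example`, and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import socket
from datetime import datetime, timezone

# Constructed example value: the CIDR of the private subnet hosting inference.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]

def resolve(host, port=443):
    """Real DNS lookup; returns every address the name resolves to."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, port)})

def inside_boundary(addresses, networks=TRUSTED_NETWORKS):
    """True only if the name resolves and every address is in a trusted CIDR."""
    ips = [ipaddress.ip_address(a) for a in addresses]
    return bool(ips) and all(any(ip in n for n in networks) for ip in ips)

def guarded_send(host, prompt, user, send, audit_key, resolver=resolve):
    """Fail closed: call send() only when the endpoint is inside the boundary.

    Returns (audit_record, response). The record holds a keyed digest and the
    length of the prompt, so the prompt text is never copied into the log.
    """
    addresses = resolver(host)
    allowed = inside_boundary(addresses)
    record = {
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "host": host,
        "addresses": addresses,
        "allowed": allowed,
        "prompt_hmac": hmac.new(audit_key, prompt.encode(), hashlib.sha256).hexdigest(),
        "prompt_chars": len(prompt),
    }
    response = send(host, prompt) if allowed else None
    return record, response

if __name__ == "__main__":
    # Constructed demo: stub resolver and stub transport, no network needed.
    key = b"constructed-demo-key"
    fake_send = lambda host, prompt: "ok"
    for addrs in (["10.20.4.17"], ["10.20.4.17", "203.0.113.9"]):
        rec, resp = guarded_send("llm.internal.example", "Pt. note ...", "dr_a",
                                 fake_send, key, resolver=lambda h: addrs)
        print(rec["allowed"], rec["addresses"], resp)
```

An explicit CIDR allowlist is used instead of `ipaddress`'s `is_private`, which also returns true for documentation ranges such as 203.0.113.0/24. The guard complements network-layer egress controls and does not replace them; the transport should connect to the address that was checked, not resolve the name a second time.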
How is AI validated inside a medical device?
AI features are validated like any other medical device software function: risk management under ISO 14971, software lifecycle under IEC 62304, and the AI-specific expectations of FDA’s Good Machine Learning Practice and lifecycle guidance — representative data, independent test sets, human-in-the-loop, and post-deployment monitoring for data drift.
For changes, FDA’s Predetermined Change Control Plan (PCCP, finalized December 2024) lets manufacturers pre-authorize defined future modifications in the initial marketing submission — so a model that is meant to evolve does not require a brand-new submission for every planned change. Architecting change management to fit a PCCP (description of modifications, modification protocol, impact assessment) is part of building AI that can live in a regulated product.
Frequently asked questions
Does private AI mean our data never trains a public model?
Yes. With open-weight models you host, or vendors with explicit no-training defaults, your prompts and PHI are not folded into any public model. Self-hosting keeps the data entirely inside your boundary.
Can private AI be HIPAA compliant?
No software is "HIPAA compliant" by itself — compliance is organizational. But private AI can be built with HIPAA-conscious architecture on HIPAA-eligible infrastructure under signed Business Associate Agreements, designed to support your HIPAA program.
Does using AI mean a new FDA submission every time the model changes?
Not necessarily. A Predetermined Change Control Plan (PCCP) lets a manufacturer pre-authorize defined modifications in the original submission. Designing change management around a PCCP avoids a new submission for each planned change.