AI Blaze HIPAA Guide
AI Blaze is a secure, AI-powered web application designed to help users work more efficiently by generating contextual AI responses directly within any webpage. We are committed to maintaining industry-leading data security standards and supporting our customers' compliance with HIPAA regulations. We maintain SOC 2 Type II certification and undergo regular third-party audits.
Using AI Blaze with PHI
Below you'll find details about our security practices and guidelines to help ensure your HIPAA-compliant use of our platform. Please note that this document applies to AI Blaze users with a paid subscription. If you’re looking to use AI Blaze with Protected Health Information (PHI), sign a BAA with us here.
Data Handling Overview
When you trigger an AI Blaze prompt, content is securely routed through our servers to the designated AI provider and back.
Neither the request nor the response is logged or stored by AI Blaze beyond the time it takes to fulfill your request, nor is it used by us or our AI providers to train models. We sign BAAs with our AI providers. See details below.
Prompt and PHI
AI Blaze stores the prompts you create at ai.blaze.today on our Google Cloud Platform infrastructure located in the United States. Prompts are created for the purpose of generating contextual, generic AI responses.
Please exercise caution and refrain from saving Protected Health Information (PHI) directly in the prompts themselves on the dashboard, as this will store sensitive data on Text Blaze’s servers.
Real-Time PHI Processing
When a prompt is triggered, either as a saved prompt or using the free-form prompt entry field, PHI may be processed, even if the prompt itself doesn’t contain PHI. The response generated by the AI provider may also contain PHI.
By default, when triggering a prompt, the page content, which may contain PHI, is added to the prompt to ensure responses are contextual. Users can opt out and choose not to include the page content with the prompt.
PHI can be added to the prompt in various other ways that are not on by default and require user action. These include adding form fields (such as text boxes) to the prompt to customize it in real-time or using the {site} command to read information from the current or other open webpages.
Data Storage
AI Blaze protects user data at every stage: account creation uses Google’s authentication services, data in transit to and from AI Blaze servers is encrypted using browser-based Transport Layer Security (our application dashboard has an A+ rating from Qualys SSL Labs), and data at rest on our servers is encrypted using the 256-bit Advanced Encryption Standard (AES).
We work with industry-leading cloud service providers. Our core systems are built on the Google Cloud Platform located in the United States and our community forums run on DigitalOcean. These service providers maintain industry-standard security certifications such as HIPAA, SOC 1, SOC 2, and ISO 27001.
3rd Party AI Providers
We use OpenAI, Anthropic and Google Gemini as our AI providers. We have signed a BAA with each provider.
The following is a brief description of how each provider currently handles prompt data:
- Anthropic: Anthropic will not train models on your prompts. We also have a Zero Data Retention agreement with Anthropic.
- OpenAI: OpenAI will also not train models on your prompts. We also have a Zero Data Retention agreement with OpenAI. Even with this agreement, OpenAI may automatically scan images submitted to it for CSAM. If its automated process identifies CSAM, the images may be retained for review.
- Google: Google will not train models based on your prompts.
Anthropic’s Sonnet is our default and recommended model.
Compliance
AI Blaze does not independently ensure HIPAA compliance. Users are responsible for configuring and using the platform in a compliant manner (e.g., not storing PHI in prompts).
Please review our Terms of Service and Privacy Policy.
If you have further questions regarding our security stance or any other concerns, please reach out to compliance@blaze.today. We will gladly work with you and your organization to answer any questions you may have.