When PHI Meets Shadow AI

Healthcare security teams have gotten used to a certain kind of “shadow” problem. Shadow IT was bad enough with unsanctioned apps, unmanaged storage, and random SaaS accounts holding sensitive data. But generative AI has changed the shape of the risk. To quote our latest research, “achieving visibility into ‘Shadow AI’ has emerged as a critical imperative for modern DSPM.”

Shadow AI is more than another unapproved app. Shadow AI is a behavior, embodied by actions like copy/pasting protected health information (PHI) into a chatbot. It often comes by good intentions, but with consequences that can turn into a compliance incident or breach headline.

Below, learn how AI-driven Data Security Posture Management (DSPM) is evolving to address Shadow AI and why Data Loss Prevention (DLP) must be part of that story.

 

Shadow IT vs. Shadow AI

You can describe Shadow IT as “static software installation.” Shadow AI, on the other hand, introduces dynamic risks. Autonomous external models process, reshape, and potentially retain sensitive PHI without a Business Associate Agreement (BAA).

If an employee uploads a spreadsheet of patient data to an unapproved file-sharing service, you can hunt it down. But if someone pastes patient context into an unsanctioned LLM, you’ve now lost control of where the data went, how long it persists, and what the model learned from it.

Many public chat interfaces and non-enterprise tiers remain inappropriate for PHI. Organizations must clearly distinguish between HIPAA-eligible AI services that are covered by a BAA and consumer grade tools without contractual safeguards.

 

Traditional data protection approaches miss the moment

A lot of healthcare security programs still treat sensitive data as something you need to secure where it sits. Think databases, file shares, object storage, SaaS repositories, EHR exports, etc.

That still matters. Organizations store vast amounts of data across various locations, making them difficult to track, manage, and safeguard across a growing cloud footprint.

But Shadow AI is data in motion, often leaving your managed environment by a user typing or pasting it into a web app. AI-enhanced DSPM solutions are evolving to close this visibility gap. They aim to move beyond simple storage scanning to analyze real-time data flows and user intent. This is a big deal for DSPM, because it suggests DSPM is growing into something closer to continuous, behavior-aware governance.

 

The DSPM + DLP combo

DLP and DSPM are complementary, and Shadow AI is exactly where the pairing becomes necessary. DSPM helps you understand where PHI resides, control who can access it, and ensure its adequate protection.

DLP acts to inspect the data based on PHI policies. It can audit, block, encrypt, or quarantine the data before it exits the organization. For Shadow AI, the “before it exits the organization” part is the critical window.

AI-driven approaches improve visibility, context, and classification, especially for messy healthcare data formats (clinical notes, emails, texts, images of printed records, embedded metadata).

In the context of generative AI, modern controls should be able to:

• Monitor public GenAI apps and automatically discover new AI apps as they appear
• Monitor GenAI sites using WebSockets to track live data flows and interactions
• Extend detection beyond text with OCR for images/documents containing PHI/PII
• Detect and highlight policy violations (PHI/PII exposure)
• Block specific prompts that violate data protection or compliance rules
• Export prompts and results for audit/compliance reporting
• Ingest custom health data criteria like Exact Data Match (EDM) for policy enforcement

DSPM must evolve into posture measurement plus runtime awareness of how data is being used and where it’s flowing.

 

DSPM finds the Where, DLP enforces the Don’t

If you’re trying to explain this internally (without starting a civil war between tool owners), here’s a clean framing:

1. DSPM discovers and classifies PHI at scale, across managed and unmanaged assets, shadow data, caches, pipelines, and big data.
2. DSPM helps propagate least privilege by understanding permissions and access paths.
3. DLP enforces PHI policy at the moment of movement, including exfil paths that look like normal work (emailing, uploading, copy/paste into web apps).
4. AI makes both layers more realistic at healthcare scale, replacing brittle rules with pattern recognition, behavioral analytics, and context.

A basic flow is “DSPM first, DLP last”:

• Identify locations of sensitive files through discovery
• Understand permissions to propagate least privilege
• Provide data owners visibility
• Establish policies
• Allow your DLP solution to identify and act on the classified file

Now translate that to Shadow AI:

• DSPM: Identify where PHI lives + who can access it
• DLP: Stop users from pasting PHI into unsanctioned LLMs (and log/alert when it happens)

 

User intent is the new control plane

DSPM and DLP have to reason about intent, not just content. AI-driven approaches can distinguish PHI from “lookalikes.” They can also understand context, such as medical terms used in marketing materials versus actual patient content.

On the DLP side, behavioral analytics can detect deviations. Think of this like an admin accessing research databases after hours and attempting mass downloads to unknown locations.

That same concept applies cleanly to GenAI usage:

• A clinician using an approved AI assistant inside a governed environment is one thing
• A staff member pasting raw PHI into a consumer chatbot is another
• A developer feeding production patient logs into an external model to debug is… a third, extremely common thing

Shadow AI forces organizations to stop thinking in “allowed app vs blocked app” binaries. They need to start thinking in context + data sensitivity + destination + assurance (BAA/controls).

 

What to do next

Shadow AI can feel overwhelming because it’s a cultural, technical, and governance shift happening all at once. Luckily you don’t need to rip and replace your security stack to make meaningful progress. The right approach builds on capabilities you likely already have, especially if you’re investing in DSPM and DLP.

Here’s how to move forward strategically:

 

1) Treat GenAI usage as a data flow problem

Blocking a few well-known public AI websites may feel productive, but it won’t solve the core issue. New AI tools appear weekly, and many operate inside existing platforms your organization already trusts.

Instead, shift the lens from “Which apps are allowed?” to:

• What types of sensitive data are leaving the environment?
• Who is sending it?
• Where is it going?
• Under what contractual and security assurances?

Shadow AI risk is fundamentally about PHI leaving controlled systems without governance safeguards. When you focus on the data flow, you gain durability against tool churn.

 

2) Define a clear “HIPAA-eligible AI” standard

Make sure to distinguish between AI services covered by a BAA and consumer-grade tools without contractual safeguards. Consider creating:

• A published list of approved AI services (with BAAs in place)
• Clear language explaining what constitutes PHI input
• A simple decision tree: Does this tool have a BAA? Is PHI permitted under contract? Are data retention and model training terms acceptable?

If users don’t understand the boundary, they’ll create their own. Shadow AI often starts with good intentions, not malicious intent. Clear guardrails reduce accidental violations.

 

3) Upgrade DLP for Generative AI realities

Traditional DLP often struggles in healthcare because PHI is messy. Here are some capabilities that are particularly relevant in GenAI scenarios:

• Monitoring web-based AI applications
• WebSocket visibility for live interactions
• OCR for images containing PHI
• Exact Data Match (EDM) support
• Prompt-level blocking
• Exportable audit logs of prompts and outputs

If your DLP strategy can’t see beyond structured fields and regex rules, it’s time to modernize. AI-assisted classification and contextual analysis aren’t luxury features anymore.

 

4) Combine DSPM visibility with runtime enforcement

DSPM tells you:

• Where PHI lives
• Who has access
• How exposed it is
• Whether least privilege is actually enforced

DLP tells you:

• When PHI is leaving
• Whether to block, encrypt, quarantine, or log

Shadow AI lives at the intersection. DSPM identifies highly sensitive data sets with broad access permissions. DLP observes increased outbound prompt activity from those users. That’s a correlated risk signal.

To operationalize this:

• Feed DSPM policy violations into your SIEM
• Integrate DLP events with identity telemetry
• Escalate high-risk behaviors through ITSM workflows
• Review GenAI-related alerts in tabletop exercises

 

5) Build visibility before you enforce aggressively

Immediate hard blocks across all AI services may drive Shadow AI further underground.

Instead:

• Start with monitoring mode where possible
• Establish a baseline of AI usage
• Identify high-risk patterns (bulk data, after-hours uploads, sensitive departments)
• Use targeted controls for high-risk flows

Security programs succeed when enforcement is informed, not reactive.

 

6) Prepare for unknown AI apps

You need to automatically discover new AI apps as they appear. Since the GenAI ecosystem is evolving rapidly, your program should assume:

• Users will experiment
• Vendors will embed AI without prominent notice
• New endpoints will appear faster than policy cycles

Continuous discovery and adaptive policy are essential.

 

7) Align security messaging with productivity

Healthcare staff shortages and burnout are real. Users are adopting AI tools because they save time.

If security messaging is all about how AI is dangerous and you shouldn't use it, then you will lose.

Instead, frame AI as powerful and share how to use it safely to protect patient data. Provide sanctioned pathways for innovation. Shadow AI shrinks when secure alternatives are usable and accessible.

 

8) Make auditability and forensics first-class capabilities

When (not if) a questionable prompt incident occurs, you’ll want:

• Visibility into what was submitted
• Classification context (was it PHI?)
• Timestamp and user identity
• Destination service
• Whether the service had a BAA
• What remediation occurred

Make sure to export prompts and results for audit and compliance purposes.

 

Read the full CSA publication

Shadow AI is a very real and present problem, driven by real productivity gains and real data sensitivity. Luckily, AI-enhanced DSPM and DLP capabilities address exactly this class of risk:

• Continuous data discovery
• Context-aware classification
• Behavioral analytics
• Real-time data flow monitoring
• Policy-based enforcement

You don’t need to boil the ocean. But you do need to shift your mental model from securing where PHI is stored to securing how PHI moves and is used.

CSA’s new DLP and DSPM in Healthcare publication goes further into:

• The specific AI-driven advantages for DLP and DSPM (classification, anomaly detection, policy automation, data mapping, compliance reporting)
• The regulatory stakes (HIPAA, HITECH, GDPR) and why monitoring data movement approaches to understand intent and safeguard data is now foundational
• The emerging threat dimension: adversarial techniques that try to evade AI-based controls

If you’re building a roadmap for healthcare data protection in the era of GenAI, the full report is designed to help you justify and prioritize the right capabilities, without relying on static rules and hope.