Tenet for Healthtech
Lifecycle orchestration and shadow-AI audit for healthtech.
HIPAA-grade offboarding and shadow-AI audit for 500–5,000-employee healthtech organizations, where a ghost account is a breach and a shadow AI tool is a PHI leak.
Why this matters for Healthtech
What is an OCR audit actually looking for when it asks about former-employee access?
Healthtech cannot afford a former clinician, engineer, or support agent retaining access to a system that touches PHI. HIPAA breach notification rules, state health privacy laws, and OCR audit risk make every 90-day ghost account a named-incident candidate. AI scribes, AI triage tools, and AI patient-chat tools are being adopted faster than compliance teams can review them.
- SaaS per employee: 30–45 apps/employee, with dense clinical and ops overlap
- Key regulatory pressure: HIPAA Security Rule access controls, HITECH breach notification thresholds, state health privacy laws (CMIA, Texas HB 300, Washington My Health My Data Act), and OCR audit readiness.
- Shadow-AI angle: Clinical teams adopting AI scribe tools (Abridge, Nuance, Suki, or general LLMs) paste patient notes into prompts that may be retained by the vendor. Tenet identifies the tool in the per-employee lifecycle trail so that its BAA status and retention posture become auditable.
Executive summary
How does Tenet handle PHI-adjacent shadow-AI tools a clinician adopted last month?
Healthtech organizations at 500–5,000 employees carry two compounding pressures that no mid-market lifecycle tool in the adjacent categories addresses cleanly. First, HIPAA's access-control obligations under 45 CFR 164.308(a)(4) require reasonable and appropriate revocation of access when a user's employment or affiliation ends, and ghost accounts that survive 90 days feed OCR audit risk on breach determinations. Second, the rapid adoption of AI scribes, AI patient-chat tools, AI triage, and AI billing-assist tools in 2024–2026 has created a BAA-status tracking problem: a compliance team may have 40–80 AI tools in use across the organization with BAAs executed for roughly half of them.
Tenet is built for exactly this compounding fact pattern. Event-driven revocation across Epic, Cerner, Salesforce Health Cloud, Google Workspace / Microsoft 365, and the long tail of SaaS and AI tools satisfies the HIPAA 164.308 access-control expectations natively. The shadow-AI registry captures every AI tool in use with BAA status, DPA status, data residency, and retention policy, producing the standing AI-tool inventory the OCR auditor increasingly asks for. For each former clinician, engineer, or support agent, the per-subject revocation certificate names every system, every revocation timestamp, every BAA status, and every residual flag. The compliance team goes from reactive breach-determination scrambles to continuous readiness.
Representative stack
What is the offboarding-to-BAA-review workflow Tenet automates?
Tenet plugs into the stack most healthtech companies at 500–5,000 employees already run. You don’t switch HRIS. You don’t switch IAM. Tenet becomes the orchestration layer between them and the long tail of SaaS and AI tools where the audit evidence used to disappear.
- Rippling or Paylocity (HRIS)
- Okta or Microsoft Entra (IAM)
- Epic / Cerner integration surfaces
- Google Workspace / Microsoft 365
- Salesforce Health Cloud
- Internal ops stack (Slack, Notion, Linear)
Use cases
How does Tenet support the Washington My Health My Data Act 45-day DSAR window?
Clinician offboarding with EHR + scribe + messaging revocation
When a nurse practitioner departs a 1,200-employee healthtech org, the revocation surface typically includes: Epic or Cerner SSO, Rippling or Paylocity HRIS, Salesforce Health Cloud, the AI scribe (Abridge, Nuance DAX, Suki), secure messaging (TigerConnect, Halo), telehealth (Amwell, Zoom for Healthcare), and an operations long tail of 15–25 apps. Tenet orchestrates across the full set with a HIPAA-acceptable audit trail and a residual flag for the AI scribe vendor if historical transcripts may retain PHI on the vendor's infrastructure. The breach-determination question is answered in the per-subject certificate, not reconstructed under OCR pressure.
AI scribe BAA-status inventory for OCR audit readiness
OCR audits increasingly ask 'what AI tools are in use by clinical staff, and is there a BAA in place for each that touches PHI.' Tenet's shadow-AI registry produces the standing inventory with BAA execution status, data-residency posture, retention policy, and per-employee usage. For healthtech compliance teams, this moves from a multi-week pre-audit scramble to an exported report. The registry updates continuously as new tools enter the organization — the CISO sees the tool in the queue within 7 days of first use.
HIPAA Security Rule 164.308(a)(4) evidence pipeline
The HIPAA Security Rule information-access-management standard requires policies for authorizing, establishing, and modifying access to ePHI. Tenet's event-driven lifecycle produces the evidence the standard expects: access grants logged with authorization basis, modifications logged with re-authorization, terminations logged with revocation timestamp and coverage across the ePHI-touching systems. The 164.308(a)(4) evidence packet is exportable on demand for OCR walkthrough or self-attestation.
State health privacy law (Washington My Health My Data Act, Texas HB 300) DSAR response
The Washington My Health My Data Act (effective March 2024) and Texas HB 300 (state-level HIPAA-plus) create state-level DSAR obligations on consumer health data. Tenet produces the per-subject export in each state's citizen-request format, covering the former employee's access footprint across ePHI-adjacent systems. Compliance teams operating in multiple states handle the response once in Tenet rather than translating across state-specific formats manually.
Telehealth contractor lifecycle with per-session access
Telehealth contractors (per-diem clinicians, contract RNs, gig platform staff) typically have access to the telehealth platform, a messaging tool, the EHR for limited duration, and an AI scribe. Tenet orchestrates the per-contract lifecycle — grant at contract start, revoke at contract end, with the per-subject trail covering the full contract window. The 90-day ghost-account pattern common in gig-clinical staffing becomes a non-issue.
HITECH breach notification threshold determination support
HITECH breach notification requires covered entities to assess whether a breach has occurred when ePHI is disclosed. The former-employee access trail is a frequent input to that assessment. Tenet's per-subject continuous audit means the assessment question ('did the former employee retain access and use it') has an immediate data-driven answer rather than a forensic analyst's estimate. Covered entities often avoid the breach-notification obligation through cleaner evidence when no access persisted.
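The three use cases above (clinician offboarding, the 164.308(a)(4) evidence pipeline, and the HITECH breach-determination input) all come down to the same record: for one departed subject, which systems held access, when each was revoked relative to the HRIS termination event, whether any PHI-touching account stayed active or was used after termination, and which vendors may still hold PHI after revocation. The following is an added illustrative model of that per-subject certificate and the 90-day ghost-account check; it is not Tenet's code, and the record types, field names and sample records are constructed for the example.

```python
"""Per-subject revocation certificate and 90-day ghost-account check.

Added example, not Tenet's code: an illustrative model of the evidence the
page describes (revocation timestamps per system, residual vendor-data flags,
and the 'did the former employee retain access and use it' question). All
record types, field names and sample data below are constructed."""
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


@dataclass
class Termination:
    subject_id: str
    terminated_at: datetime          # HRIS termination event timestamp


@dataclass
class AccessRecord:
    system: str
    subject_id: str
    touches_phi: bool
    revoked_at: Optional[datetime]            # None: account still active
    last_activity: Optional[datetime] = None  # None: no activity observed
    vendor_baa: Optional[bool] = None         # None: not a third-party vendor
    retains_data_at_vendor: bool = False      # e.g. scribe keeps transcripts


GHOST_THRESHOLD_DAYS = 90


def certificate(term: Termination, records: list, as_of: datetime) -> dict:
    """One line per system the subject touched, plus machine-readable flags."""
    systems, flags = [], []
    phi_access_persisted = False
    for r in (x for x in records if x.subject_id == term.subject_id):
        if r.revoked_at is None:
            days_open = (as_of - term.terminated_at).days
            status = f"ACTIVE {days_open}d after termination"
            if days_open >= GHOST_THRESHOLD_DAYS:
                flags.append(f"GHOST_ACCOUNT: {r.system} active {days_open}d after termination")
            phi_access_persisted |= r.touches_phi
        else:
            delay_h = (r.revoked_at - term.terminated_at).total_seconds() / 3600
            status = f"revoked {r.revoked_at.isoformat()} ({delay_h:.1f}h after termination)"
        # Breach-determination input: was a PHI-touching account used after termination?
        if r.touches_phi and r.last_activity and r.last_activity > term.terminated_at:
            flags.append(f"POST_TERMINATION_ACTIVITY: {r.system} at {r.last_activity.isoformat()}")
            phi_access_persisted = True
        # Residual flag: revoking access does not pull PHI back from the vendor
        if r.touches_phi and r.retains_data_at_vendor:
            flags.append(f"RESIDUAL_VENDOR_DATA: {r.system} (BAA executed: {r.vendor_baa})")
        if r.touches_phi and r.vendor_baa is False:
            flags.append(f"BAA_GAP: {r.system}")
        systems.append({"system": r.system, "touches_phi": r.touches_phi, "status": status})
    return {
        "subject_id": term.subject_id,
        "terminated_at": term.terminated_at.isoformat(),
        "as_of": as_of.isoformat(),
        "systems": systems,
        "flags": flags,
        "phi_access_persisted": phi_access_persisted,
    }


def ghost_accounts(terminations, records, as_of, threshold_days=GHOST_THRESHOLD_DAYS):
    """Accounts still active threshold_days or more after the HRIS termination."""
    found = []
    for term in terminations:
        for r in records:
            if r.subject_id == term.subject_id and r.revoked_at is None:
                days = (as_of - term.terminated_at).days
                if days >= threshold_days:
                    found.append((term.subject_id, r.system, days))
    return found


# Constructed sample data: a departed nurse practitioner and a departed engineer.
AS_OF = datetime(2026, 4, 20, 12, 0)
TERMINATIONS = [
    Termination("np-0417", datetime(2026, 1, 15, 9, 0)),
    Termination("eng-0922", datetime(2025, 12, 1, 8, 0)),
]
ACCESS_RECORDS = [
    AccessRecord("Epic SSO", "np-0417", True, datetime(2026, 1, 15, 9, 4),
                 last_activity=datetime(2026, 1, 14, 17, 30)),
    AccessRecord("AI scribe", "np-0417", True, datetime(2026, 1, 15, 9, 5),
                 vendor_baa=True, retains_data_at_vendor=True),
    AccessRecord("Secure messaging", "np-0417", True, datetime(2026, 1, 15, 9, 5),
                 vendor_baa=True),
    AccessRecord("Notion", "np-0417", False, None,
                 last_activity=datetime(2026, 1, 20, 11, 0)),
    AccessRecord("Salesforce Health Cloud", "eng-0922", True, None,
                 last_activity=datetime(2025, 12, 3, 10, 0), vendor_baa=True),
]

if __name__ == "__main__":
    import json
    for term in TERMINATIONS:
        print(json.dumps(certificate(term, ACCESS_RECORDS, AS_OF), indent=2))
    print("ghost accounts:", ghost_accounts(TERMINATIONS, ACCESS_RECORDS, AS_OF))
```

The two subjects show the two outcomes the breach-determination question can have: the nurse practitioner's PHI systems were revoked within minutes and the only lingering account is a non-PHI ops tool, so `phi_access_persisted` is false even though a ghost account is flagged; the engineer's Salesforce Health Cloud account stayed active and was used after termination, so the certificate says so explicitly instead of leaving it to a forensic estimate. The residual vendor-data flag on the AI scribe is the reminder that revocation closes the door without retrieving what the vendor already retains.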
Implementation playbook
How does Tenet orchestrate EHR, secure messaging, and AI scribe revocation at clinician termination?
Most healthtech deployments complete the 4-phase playbook in 28 days. Accelerated deployments (14-21 days) are available for teams with pre-approved service accounts and existing Okta / HRIS investments.
Phase 1 · Week 1 · Connect
Activities
Service accounts provisioned for Rippling or Paylocity HRIS, Okta or Microsoft Entra IAM, Epic or Cerner integration surface, Salesforce Health Cloud, Google Workspace or Microsoft 365, AI scribe tool (Abridge, Nuance DAX, or Suki), and secure messaging. BAA executed with Tenet for PHI-adjacent audit metadata. CISO + Compliance + Privacy Officer approve per-integration scope.
Artifacts produced
Integration scope + BAA matrix · HIPAA 164.308 readiness baseline · Initial shadow-AI inventory
Phase 2 · Week 2 · Baseline
Activities
Baseline audit: orphan accounts, residual access on departed clinicians, shadow-AI tools with and without BAAs. Reconciliation with known-IT inventory. Orphan cleanup in dry-run, then committed with privacy officer approval. BAA-status-missing tools escalated to compliance for BAA outreach or deprecation.
Artifacts produced
Baseline audit · BAA gap report · Orphan cleanup receipt · Shadow-AI registry v0
Phase 3 · Week 3 · Activate
Activities
Clinician and staff termination automation live. Contractor lifecycle automation live. Scheduled access reviews prepared for next HIPAA walkthrough. Shadow-AI monitoring streams to CISO + Privacy Officer queue.
Artifacts produced
Live termination automation · Contractor lifecycle receipt · Scheduled review preview
Phase 4 · Week 4 · Audit-ready
Activities
First OCR walkthrough dry-run with per-subject export. First HITECH breach-determination dry-run on a hypothetical incident. First state health privacy DSAR dry-run. Privacy Officer presents audit readiness to Chief Medical Officer and CEO.
Artifacts produced
OCR walkthrough artifact · HITECH dry-run · Multi-state DSAR artifact · CMO briefing deck
Regulatory deep dive
What does HITECH breach-notification material-assessment look like with continuous audit evidence?
Healthtech at 500-5,000 employees operates under a regulatory stack more complex than any other industry Tenet serves. HIPAA Security Rule (45 CFR Parts 160 and 164) is the foundation: Section 164.308(a)(4) information-access-management standard, Section 164.308(a)(1)(ii)(D) information-system-activity review, and Section 164.312(a) access control technical safeguards all require evidence of appropriate access termination and ongoing access review. The 2013 HIPAA Omnibus Rule extended direct liability to business associates, and the 2024 HHS Notice of Proposed Rulemaking on the Security Rule proposes tightening the access-control expectations further — specifically pushing toward continuous verification and faster revocation than the current 'reasonable and appropriate' language invites.
HITECH (42 USC 17932) breach notification requires covered entities to notify affected individuals, HHS, and in some cases media within 60 days of a breach determination. The materiality assessment that precedes the notification decision frequently turns on the former-employee access trail. Tenet's continuous per-subject audit cuts the assessment time and, in many cases, documents the absence of material access that would have triggered notification obligation in the first place.
State health privacy laws are accelerating in 2024-2026. The Washington My Health My Data Act (RCW 19.373) imposes consumer-health-data-specific obligations including 45-day DSAR response. Texas HB 300 (Health and Safety Code 181) adds state-level data-privacy requirements on top of HIPAA for Texas-resident data. California's CMIA (Confidentiality of Medical Information Act) has been the long-standing state standard. New York, Illinois, and Massachusetts have active legislation in progress. Tenet's per-subject export format handles each state's citizen-request schema natively.
For federally funded research and grant-supported clinical research environments, NIST SP 800-171 controls (particularly 3.1.1 through 3.1.22 for access control) apply alongside HIPAA. CMMC 2.0 Level 2 will apply to defense-related clinical research. Tenet's audit format maps to NIST 800-171 control-family evidence expectations.
On the AI-tool side, the FDA's 2024 AI/ML-based Software as a Medical Device guidance and the HHS OCR bulletin on online tracking technologies (December 2022, with 2024 enforcement activity) together create an audit surface around AI tools that touch PHI. The BAA requirement under HIPAA for vendors that create, receive, maintain, or transmit PHI extends to AI tools that process PHI. Tenet's shadow-AI registry captures the BAA status per tool, the data-residency posture, and the retention policy — producing the standing inventory an OCR auditor asks for.
Pricing context
What pricing looks like for healthtech at buyer scale
At 1,200 employees in healthtech, Tenet pricing typically lands at $42,000–60,000 annually for the full regulated-industry stack (lifecycle + shadow-AI BAA inventory + HIPAA 164.308 evidence + state health privacy export). Competing enterprise IGA + GRC + shadow-AI discovery combinations typically run $200,000–400,000 annually at the same scale. The CISO and Privacy Officer budget authority is typically sufficient for Tenet's ACV, and in many healthtech orgs the compliance budget co-funds year one given the OCR audit readiness value. Professional services are minimal: BAA execution for Tenet itself takes 2–3 days of legal review, and the technical deployment self-runs in 4–6 weeks.
Frequently asked — Healthtech
What healthtech buyers ask before signing
- Does Tenet support the HIPAA minimum-necessary standard for former-employee access reviews?
- Yes — Tenet's per-event audit trail records the specific access each former employee had, the date and mechanism of revocation, and the BAA status of every SaaS and AI tool where PHI exposure is possible, in a format that maps directly to the HIPAA Security Rule §164.308 audit controls expectation and the breach notification determination workflow under §164.402.
- Does Tenet have a BAA with each AI scribe vendor used by our clinicians?
- Tenet has a BAA with the customer organization as a business associate. Tenet then provides the BAA-status inventory on each AI scribe and other vendor used by the customer's workforce (Abridge, Nuance DAX, Suki, etc.) and flags gaps for customer action. Tenet does not execute BAAs with third-party vendors on the customer's behalf, but it produces the inventory and the gap list that makes BAA execution tractable.
- Can Tenet handle the 45-day DSAR window under Washington My Health My Data Act?
- Yes. Tenet's per-subject export is generated in under 15 minutes on demand in the Washington MHMD Act citizen-request format, covering the employee's or former employee's full access footprint across ePHI-adjacent systems. Response within the 45-day window is comfortable, and many Tenet customers now respond within 7-14 days.
- Does Tenet integrate with Epic or Cerner directly?
- Tenet integrates with Epic and Cerner via the IAM federation layer (Okta or Microsoft Entra) and via the HRIS-to-EHR employee provisioning pipeline where customer configuration permits. For deep EHR-internal role mapping, Tenet reads the role entitlement schema and produces revocation evidence at the role level. Deeper EHR-native integration is available on enterprise plans for customers needing it.
- How does Tenet handle HIPAA's conduit exception for AI tools that may not create or receive PHI?
- Tenet's shadow-AI registry captures the usage pattern per tool (data passed in, retained at vendor, retained in model) and flags whether the conduit exception plausibly applies. The compliance officer makes the final determination for each tool; Tenet produces the evidence needed for that determination rather than making the call unilaterally. The audit trail preserves the determination rationale for regulator review.
- Is Tenet HITRUST CSF certified?
- HITRUST CSF certification is on the 2026 roadmap (target Q3). In the interim, Tenet has SOC 2 Type II (audit in progress, expected Q3 2026), ISO 27001 (target Q4 2026), and runs on HITRUST-certified cloud infrastructure. Most healthtech customers accept the SOC 2 + cloud posture for adoption with HITRUST upgrade at certification.
- How is Tenet different from Stitchflow?
- Tenet is built for the 500–5,000 employee mid-market with shadow-AI discovery and state-privacy audit trails as first-class capabilities, priced for department-head purchase ($500–2,000/mo entry), while Stitchflow is moving upmarket with an IT-first UX and enterprise pricing. Both orchestrate SaaS lifecycle across HRIS and IAM, but Tenet's spine is the audit line: every provision, revocation, and shadow-AI tool detection produces a record a state-privacy regulator can read, and VP People + CISO share one view instead of Stitchflow's IT-centric console.
- What is the smallest company that actually needs Tenet?
- Roughly 100 employees with more than 20 SaaS apps per person, or any company where an employee departure triggers a manual checklist across more than 5 systems. Below that threshold, spreadsheets still scale. Above it, the probability of a 90-day-old ghost account rises sharply, and that single ghost account is the fact pattern every state-privacy and EU AI Act audit begins with.
- Does Tenet work with my HRIS — Rippling, BambooHR, Workday, or Gusto?
- Yes, Tenet reads lifecycle events from Rippling, BambooHR, Workday, and Gusto at launch, with ADP, Deel, Justworks, and UKG on the 2026 roadmap. Tenet is designed as the unbundled orchestration layer that sits above your HRIS — you do not switch HRIS to adopt Tenet, and Tenet never tries to replace payroll, benefits, or time tracking. HRIS stays your system of record for people; Tenet becomes your system of record for what those people can access.
- How does Tenet's shadow-AI audit trail satisfy EU AI Act and state privacy law requirements?
- Tenet records every shadow-AI tool discovered in employee workflows, every provisioning and revocation event, and every policy decision as an immutable audit entry in a format that exports to the evidence templates expected under EU AI Act (effective August 2026), ISO 42001, NIST AI RMF, and state privacy laws including CCPA-CT and CPRA. The audit format is citizen-request-ready — when a former employee exercises access or deletion rights, Tenet produces the per-subject trail in minutes instead of the week most orgs currently budget. Regulated customers can also export to their existing GRC tooling (Vanta, Drata, Secureframe) via webhook.
Early access
Keep the record before the audit asks.
Join the Tenet waitlist. We’ll share design-partner slots, benchmark reports, and the private beta with the first fifty mid-market buyers who sign up. No newsletter, no drip — we only email when there’s something concrete to show.