FirmAdapt is an AI-powered business diagnostics platform that audits companies to expose operational inefficiencies and broken processes. We then deploy custom AI agents, robotic process automation, and engineered solutions to fix the problems we find. Our diagnostic tools include company audits, website audits, competitive intelligence, and faith-based compliance screening.

Does FirmAdapt have a free API?

Yes, FirmAdapt offers free open API endpoints that require no authentication. AI agents and developers can make up to 10 requests per week without signing up. The API supports company profile lookups, faith-based compliance screening, and stock searches across 12 global markets.

What is faith-based stock screening?

Faith-based stock screening analyzes a company's financial ratios and business activities to determine compliance with religious investment guidelines. FirmAdapt supports 9 frameworks including Shariah (AAOIFI, S&P), Christian (BRI), Catholic (USCCB), Jewish (Halakhic), LDS/Mormon, ESG Religious, and Evangelical standards.

Can AI agents use FirmAdapt?

Yes, FirmAdapt is designed for native AI agent integration. It provides an MCP (Model Context Protocol) server for Claude Desktop, Cursor, and other AI tools. AI agents can access company profiles, run faith-based compliance screens, and search stocks across 12 global markets using free open endpoints with no API key required.

What markets does FirmAdapt support?

FirmAdapt supports 12 global markets: US (NYSE/NASDAQ), UK (London Stock Exchange), Germany (XETRA), France (Euronext Paris), Japan (Tokyo Stock Exchange), India (NSE/BSE), Saudi Arabia (Tadawul), UAE (Dubai/Abu Dhabi), Malaysia (Bursa), Indonesia (IDX), Canada (TSX), and Australia (ASX).

Back to Blog

AI complianceregulatoryhealthcareHIPAAPHI

PHI in Model Weights: The Right to Be Forgotten Problem Nobody Wants to Talk About

By Basel IsmailApril 30, 2026

PHI in Model Weights: The Right to Be Forgotten Problem Nobody Wants to Talk About

When you delete a row from a database, it is gone. You can verify the deletion, log it, and prove to a regulator that the data no longer exists in your system. This is how most compliance frameworks assume data works. It is also completely incompatible with how fine-tuned machine learning models store information.

If your organization has fine-tuned a model on data that includes protected health information, you have a problem that does not resolve neatly. The information is encoded in the model's weights, distributed across millions or billions of parameters in ways that are neither human-readable nor individually addressable. You cannot point to a specific weight and say "this is where we stored Jane Doe's cancer diagnosis." The information is everywhere and nowhere at once.

This creates real regulatory exposure under both GDPR and HIPAA, and the industry has been remarkably quiet about it.

Why Deletion Does Not Work the Way Regulators Expect

GDPR Article 17 gives data subjects the right to erasure. When someone exercises that right, the controller must delete personal data without undue delay. The regulation contemplates exceptions for public interest, legal claims, and a few other scenarios, but none of those exceptions say "unless the data has been mathematically dissolved into a neural network."

The Article 29 Working Party (now the European Data Protection Board) has been clear that anonymization must be irreversible. Research from teams at UC Berkeley, Google, and ETH Zurich has repeatedly demonstrated that training data can be extracted from model weights. A 2023 paper from Google DeepMind and collaborators showed they could extract over a gigabyte of training data from ChatGPT, including personally identifiable information. If PHI was in the training set, the model becomes a vessel for that PHI, and extraction attacks are only getting better.

Under HIPAA, the calculus is different but equally uncomfortable. If a covered entity or business associate experiences a breach involving PHI, 45 CFR 164.404 requires notification to affected individuals within 60 days. The breach response framework assumes you can identify what was compromised, contain the exposure, and remediate. But if PHI is baked into model weights, containment means retiring or retraining the entire model. For large language models, retraining from scratch can cost millions of dollars and take weeks or months of compute time.

The "Machine Unlearning" Gap

There is an active research area called machine unlearning that tries to address exactly this. The goal is to remove the influence of specific training examples from a model without full retraining. Some approaches are promising. Google ran a Machine Unlearning Challenge in 2023 to spur development. But the honest state of the field is this: no production-ready, regulator-accepted method exists for certifiably removing a specific individual's data from a fine-tuned model.

Approximate unlearning methods exist, including gradient ascent approaches and influence function techniques, but they come with trade-offs in model performance and, critically, no formal guarantee that the data's influence has been fully removed. The EDPB has not issued guidance accepting approximate unlearning as compliant with Article 17. Neither has HHS OCR addressed it in the context of HIPAA.

So right now, if you fine-tune on PHI and someone requests deletion or you discover a breach, your options are: retrain from scratch without the offending data, or try to argue that the information is sufficiently "anonymized" within the weights. The first option is expensive and slow. The second is a legal argument that has not been tested and that extraction research increasingly undermines.

Why Architecture Choices Matter Before You Train

This is where model selection and system architecture become compliance decisions, not just engineering ones.

A retrieval-augmented generation (RAG) architecture fundamentally changes the data residency equation. In a RAG setup, the model itself does not contain your sensitive data. Instead, the model generates responses by referencing an external knowledge base at inference time. The PHI lives in a database or document store that you control, index, and can delete from in the traditional sense.

Want to honor an Article 17 request? Delete the relevant documents from your retrieval index. Need to respond to a HIPAA breach? You can identify exactly which records were exposed, contain them, and demonstrate remediation to OCR. The model weights remain clean because they were never contaminated with PHI in the first place.

The Practical Differences

Fine-tuned model with PHI in training data: Deletion requires full retraining. Breach scope is ambiguous. You cannot produce an audit log showing what PHI the model "knows." Regulators will ask questions you cannot answer.
RAG architecture with PHI in retrieval store: Deletion is a database operation. Breach scope is identifiable. Access controls, audit logs, and encryption apply to the data store using well-understood patterns. You can demonstrate compliance using existing frameworks.
Base model with no PHI exposure: No deletion problem exists at the model layer. Your compliance obligations attach to the data pipeline and storage, where you already have tooling and processes.

There are legitimate reasons to fine-tune. If you need the model to understand domain-specific terminology, clinical note structures, or specialized reasoning patterns, fine-tuning on synthetic or properly de-identified data can be valuable. The key distinction is what goes into the training set. Fine-tuning on format and style using synthetic examples is very different from fine-tuning on actual patient records.

Regulatory Trajectory

The EU AI Act, which entered into force in August 2024, introduces additional obligations around training data documentation and transparency. Article 10 requires providers of high-risk AI systems to use training data that meets specific quality criteria, and to document data governance practices including "identification of any possible data gaps or shortcomings." If you cannot account for PHI in your training data, you have a documentation gap under the AI Act on top of your GDPR exposure.

In the U.S., HHS OCR has been increasingly active on AI and PHI. The December 2023 HHS final rule on information blocking and the ongoing updates to the HIPAA Security Rule signal that regulators are paying attention to how AI systems handle protected data. The NIST AI Risk Management Framework (AI RMF 1.0) also calls out data privacy as a key dimension of trustworthy AI, though it stops short of prescriptive requirements.

State-level activity adds another layer. The California Delete Act (SB 362), effective January 2026, creates a centralized deletion mechanism for data brokers. While it does not directly address model weights, it reflects a legislative trend toward stronger deletion rights that will eventually collide with AI training practices.

How FirmAdapt Addresses This

FirmAdapt's architecture is built around RAG by design, specifically because of the compliance problems described above. PHI and other sensitive data remain in access-controlled, auditable data stores that support standard deletion, retention, and breach response workflows. The AI models FirmAdapt deploys never ingest customer PHI into their weights, which means Article 17 requests and HIPAA breach containment operate the same way they would for any well-managed database.

FirmAdapt also maintains audit trails at the retrieval layer, so you can demonstrate to regulators exactly which data was accessed, by whom, and when. For healthcare organizations navigating both HIPAA and GDPR (common for any entity treating EU residents or partnering with EU institutions), this architecture eliminates the model-weight deletion problem entirely rather than trying to engineer around it after the fact.

Ready to uncover operational inefficiencies and learn how to fix them with AI?

Try FirmAdapt free with 10 analysis credits. No credit card required.

Get Started Free