Tenet reduces PHI exposure risk in Claude Cowork workflows. It does not eliminate it. The following limitations apply in all deployment contexts.
Tenet uses ML models and regex patterns to identify PII and PHI. Detection operates at configurable confidence thresholds — values below threshold are not flagged. Missed detections (false negatives) are possible, particularly for PHI embedded in unstructured prose, non-standard formatting, or domain-specific terminology not represented in training data.
Tenet's pattern matching generates false positives on code identifiers, URLs, port numbers, and numeric sequences that resemble structured PHI (e.g. MRNs, SSNs). Teams processing code-heavy content should expect and tune for this.
Tenet intercepts tool outputs after they are returned to Claude's context. For PostToolUse hooks, tool outputs containing PHI reach Claude's context window before Tenet can redact them. Tenet can issue advisory warnings in this scenario but cannot prevent initial exposure. This is a current architectural limitation of the MCP hook system, not a configuration issue.
Tool outputs from Task and subagent calls are not scanned by Tenet. PHI returned through these execution paths is not inspected.
Several built-in patterns — including URL_WITH_ID and MRN_CONTEXT — are broad by design and may self-match on non-PHI content. Review default pattern configuration before deploying in production.
Tenet runs locally and redacts before transmission to Anthropic's API. It does not prevent Claude Code from transmitting data independently, and cannot guarantee 100% interception coverage across all Claude Cowork execution paths.
In development mode, fail_open: true is set by default. If the Tenet server is unreachable, operations proceed uninspected. Production deployments should set fail_open: false explicitly.
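The difference between the two fail_open settings described above, as an added example (not Tenet's own code). guard(), the scanner stand-ins and the sample text are hypothetical; only the fail_open name and its behaviour when the server is unreachable come from this page.

```python
import re
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Decision:
    allowed: bool            # may the operation proceed?
    inspected: bool          # did a scanner actually see the payload?
    payload: Optional[str]   # text to forward; None when blocked
    reason: str


def guard(payload: str, scan: Callable[[str], str], fail_open: bool) -> Decision:
    """Send payload through scan(); fail_open matters only if scan() is unreachable."""
    try:
        redacted = scan(payload)
    except (ConnectionError, TimeoutError) as exc:
        if fail_open:
            # Development default: the operation proceeds uninspected.
            return Decision(True, False, payload, f"unreachable, passed uninspected: {exc}")
        # fail_open: false, so nothing is forwarded without inspection.
        return Decision(False, False, None, f"unreachable, blocked: {exc}")
    return Decision(True, True, redacted, "inspected")


# Constructed stand-ins for a reachable and an unreachable scanning server.
def scanner_up(text: str) -> str:
    return re.sub(r"\b\d{3}-\d{2}-\d{4}\b", "[REDACTED]", text)


def scanner_down(text: str) -> str:
    raise ConnectionError("connection refused")


SAMPLE = "Patient SSN 000-12-3456 admitted"  # constructed, not a valid SSN

if __name__ == "__main__":
    cases = [("up, fail_open=false", scanner_up, False),
             ("down, fail_open=true", scanner_down, True),
             ("down, fail_open=false", scanner_down, False)]
    for label, scan, fail_open in cases:
        d = guard(SAMPLE, scan, fail_open)
        print(f"{label}: allowed={d.allowed} inspected={d.inspected} payload={d.payload!r}")
```

In the second case the payload is forwarded with the identifier intact and inspected=False, which is the event worth alerting on if fail_open: true is ever left enabled.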
Values added to the allowlist are never scanned, regardless of context. Misconfigured allowlists are a source of undetected PHI exposure.
TENET IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
Tenet is not a certified HIPAA compliance solution. Use of Tenet does not make your organization HIPAA compliant, does not satisfy any specific HIPAA technical safeguard requirement in isolation, and does not constitute legal or compliance advice of any kind.
No Business Associate Agreement is offered with the open-source version of Tenet. Organizations subject to HIPAA that require a BAA with their tooling vendors must obtain that agreement separately from all applicable vendors, including Anthropic.
Detection is probabilistic. Tenet's PHI detection is based on machine learning models and pattern matching. It is not deterministic and does not guarantee identification of all PHI in all contexts. False negatives will occur.
Users are solely responsible for their own HIPAA compliance obligations, including but not limited to administrative safeguards, physical safeguards, access controls, breach notification, and BAA execution. Tenet Labs assumes no liability for compliance failures, data breaches, regulatory penalties, or other harm arising from use of this software.
IN NO EVENT SHALL TENET LABS BE LIABLE FOR ANY CLAIM, DAMAGES, OR OTHER LIABILITY ARISING FROM, OUT OF, OR IN CONNECTION WITH THE SOFTWARE OR ITS USE.
Tenet addresses one narrow slice of HIPAA's technical safeguard requirements. A covered entity or business associate deploying AI tools in a regulated environment must address the following independently.
Tenet's PHI de-identification capability is designed to support Safe Harbor de-identification under §164.514(b)(2) of the HIPAA Privacy Rule — removing the 18 enumerated identifier categories before data reaches an AI model's context. This is a meaningful control. It is not sufficient on its own.
A BAA is required with every vendor that creates, receives, maintains, or transmits PHI on your behalf. This includes Anthropic if Claude processes PHI in your workflows. Tenet does not provide a BAA and does not mediate your BAA obligations with Anthropic or any other vendor.
Tenet's audit logs may assist in breach investigation and scope determination. Tenet does not provide breach detection, notification workflows, or incident response procedures. These must be established independently.
The research preview is a de-identification tool. Tenet for Enterprises is a compliance program.