The Evidence Layer in Healthcare & Biotech AI: HIPAA, 21 CFR Part 11, GxP, GMLP

In banking, an unprovable number costs money and reputation. In healthcare and biotech, an unprovable AI output can cost a life — or invalidate a drug trial that took a decade and a billion dollars. The regulators are different, the acronyms are denser, and the stakes are higher, but the demand from Part 1 is word-for-word identical: prove how you got this result, and prove nothing was silently altered along the way.

This final article maps the life-sciences regulatory stack onto the same evidence-layer thinking, and shows how the traceable-by-construction architecture from Part 2 lands almost component-for-component in a clinical or genomics setting. If you read Part 1, the structure will feel familiar — that's the point. The evidence layer is one idea wearing different regulators' badges.

A Layered Regulatory Stack

Healthcare AI rarely faces one regulation — it faces a stack, and which layers apply depends on what the system does and where it operates. An engineer should know the shape of all of them.

The layers overlap, and that's good news: a single well-designed evidence layer satisfies the common core across all of them, exactly as it did for the three finance regimes in Part 1.

ALCOA+: The Data-Integrity Bedrock

Where finance has "accurate and traceable," life sciences has a more explicit creed: ALCOA+. Any data supporting a regulated decision must be:

Read those again with an AI pipeline in mind. "Attributable" means an agent needs an identity (Part 2, principle 1). "Contemporaneous" means logging happens as the action occurs, not reconstructed later. "Enduring" and "Available" mean immutable, long-lived, queryable storage. ALCOA+ is, almost line for line, a specification for the audit store we designed in Part 2 — written by pharma regulators decades ago.

21 CFR Part 11: Audit Trails for AI

21 CFR Part 11 (and its EU counterpart, Annex 11) governs electronic records and signatures in FDA-regulated work — clinical trials, manufacturing, lab systems. Its central demand is the audit trail: a secure, computer-generated, time-stamped record that captures who, what, when, and why for every creation, modification, or deletion of regulated data. Crucially, it must be independent of the operator — you can't be able to edit your own audit trail.

For AI, this has a sharp edge. If an AI system cleans, imputes, or transforms data in a regulated dataset, every one of those changes is a Part 11 event. The compliant pattern: any data cleaning an AI performs must be either reversible or, at minimum, transparently logged — what was changed, from what to what, by which model version, and why. A model that silently "fixes" a value with no audit entry has just corrupted a regulated record, however good its intentions.

GMLP: Governing the Model Across Its Lifecycle

For AI/ML that functions as a medical device, the FDA — together with Health Canada and the UK's MHRA, and now harmonized through an IMDRF guiding document finalized in January 2025 — defines Good Machine Learning Practice (GMLP): ten guiding principles covering the total product lifecycle. The ones with the most direct architectural consequences:

• Representative data. Training and test data must reflect the intended patient population — and you must be able to show that, which means data lineage on your training sets, not just your inference inputs.
• Robust engineering & data integrity. The same software-quality and data-quality discipline as any safety-critical system.
• Human oversight. The clinician stays in the loop; the human-in-the-loop gates from Part 2 are mandatory here, not optional.
• Lifecycle monitoring (Principle 10). Deployed models are monitored for performance drift, and re-training risk is actively managed — observability isn't a launch metric, it's a perpetual obligation.

The FDA's January 2025 draft guidance pushes this further with a seven-step credibility assessment anchored to the model's context of use and risk — the same risk-based logic as GAMP 5 (below). And for models that learn after deployment, a Predetermined Change Control Plan (PCCP) lets you specify, in advance, what changes are permitted without a new submission — which only works if you can prove the model stayed within that envelope. That proof is, again, the evidence layer.

GAMP 5: Risk-Based Validation

GxP systems must be validated — demonstrated to do what they're supposed to, reliably. GAMP 5 is the industry's risk-based framework for that computer-system validation: scale the rigor to the risk and the intended use. Its modern guidance (including the ISPE GAMP RDI appendix on AI/ML data integrity, 2024) extends the same thinking to AI: assess the model's risk, validate proportionally, and — the recurring theme — use data-lineage tools and version control for datasets and code so the validated state is reconstructable.

The convergence across FDA credibility framing, GMLP, GAMP 5, and ALCOA+ is striking: they all land on the same checklist — risk-based rigor, representative and traceable data, human oversight, and continuous monitoring with an audit trail underneath it all.

The Architecture, in a Clinical Setting

Now watch the Part 2 architecture map onto a clinico-genomics AI — the kind of system that interprets a patient's variants against knowledge bases and drafts a clinician-facing summary. (This builds directly on the clinico-genomics RAG architecture from the earlier AWS series.) The components barely change; only the regulators' names do.

flowchart TB
    subgraph Train["Model lifecycle (GMLP · GAMP 5)"]
        TD["Training data\n(lineage to source: ClinVar, gnomAD…)"]
        MV["Model version + validation records"]
        TD --> MV
    end

    subgraph Serve["Inference (HIPAA · 21 CFR Part 11)"]
        Q["Clinician query"] --> ID["Agent identity + purpose"]
        ID --> GW["🔐 Governed gateway\nde-identify PHI · policy · log"]
        GW --> KB["Knowledge graph + records\n(row/col security)"]
        GW --> GEN["Model: grounded answer\n+ citations + provenance"]
        GEN --> HITL["👩‍⚕️ Clinician review & sign-off"]
    end

    AUDIT["🧾 ALCOA+ audit trail\nattributable · contemporaneous · enduring · immutable"]

    MV -.pinned to each output.-> AUDIT
    GW -.every access.-> AUDIT
    HITL -.approval event.-> AUDIT
    HITL --> OUT["Released result\n(traceable end-to-end)"]
          

The mapping is almost mechanical:

What Changes vs. Finance — and What Doesn't

Two things are genuinely harder in healthcare. First, training-data provenance is in scope, not just runtime data: GMLP and GAMP 5 want lineage on the datasets your model learned from, so you can show the population was representative and the data wasn't contaminated. Finance cares about model inputs; life sciences also cares about the model's upbringing. Second, human oversight is mandatory by regulation, not just prudent — a clinician must stay in the loop, and that loop must be evidenced.

What doesn't change is the spine. Identity, data-layer governance, a mediated and logged access path, decision provenance, an immutable audit trail, and lineage that treats the model as a node rather than a gap — that architecture is invariant across banking and biotech. The regulators wrote their rules independently, decades apart, and converged on the same answer because there is only one good answer to "prove it."

Series Wrap-Up

Across three articles, one idea: regulated industries don't run on trust, they run on evidence, and the evidence layer — lineage in finance, the audit trail in life sciences, observability in agentic AI — is the infrastructure that makes obligations provable. BCBS 239, CCAR, SOX, HIPAA, 21 CFR Part 11, GxP, GMLP, the EU AI Act: different badges, one demand. Design your AI and data systems so that "show me how you got this, and prove nothing was silently altered" always has an answer, and you can build in the most regulated environments on earth. Skip it, and no amount of model quality will save you.