Intent-Code Divergence
High
- Confidence
- 95% confidence
- Finding
- The code comments assert that no PHI is stored after the LLM call, yet the service sends raw patient context to a third-party LLM and shows no de-identification, retention controls, BAA enforcement, or deletion workflow. In a healthcare context, this can result in unauthorized disclosure of sensitive patient data and create regulatory and contractual compliance risk.
