Strict-schema LLM outputs: what we learned shipping to a HIPAA environment

Most LLM tutorials show structured output as a one-liner: pass a Pydantic model, get back validated JSON, ship it. In production with PHI on the line, that one-liner is the easy 20% of the problem. The other 80% is what happens when the schema validates but the data is still wrong, when the model returns a JSON that passes type checks but contains hallucinated content, or when a field that should be redacted slips through because the schema only knew about its shape.