#109 - AI & HIPAA Compliance: What’s Allowed, What’s Risky, and How to Do It Right episode artwork

EPISODE · Nov 19, 2025 · 53 MIN

#109 - AI & HIPAA Compliance: What’s Allowed, What’s Risky, and How to Do It Right

from The Healthcare Compliance Step-By-Step Podcast · host EPICompliance

When AI enters clinical and administrative workflows, privacy rules and safety expectations come with it. In this practical session, we translate HIPAA requirements into plain English and apply an "AI-assisted, not AI-controlled" model to real-world scenarios. You'll see how to use AI tools without disclosing more PHI than necessary, how to apply Minimum Necessary and de-identification in everyday workflows, and how to keep clinicians clearly in charge. Key Topics:Identify appropriate AI use cases in healthcare and apply Minimum Necessary, de-identification, and data minimization in each workflow.Know when a Business Associate Agreement (BAA) is required, what to ask vendors about data use, logging, and model training, and how to build clear audit trails for scribe, coding, and prior auth tools.Close policy gaps, monitor accuracy and drift, and retain evidence for six years to satisfy HIPAA and payer expectations.Resources:Learn more about healthcare compliance systems: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠epicompliance.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Explore healthcare compliance training and weekly webinars: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠epicompliance.com/training-in...⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Originally Recorded: November 18, 2025.

When AI enters clinical and administrative workflows, privacy rules and safety expectations come with it. In this practical session, we translate HIPAA requirements into plain English and apply an "AI-assisted, not AI-controlled" model to real-world scenarios. You'll see how to use AI tools without disclosing more PHI than necessary, how to apply Minimum Necessary and de-identification in everyday workflows, and how to keep clinicians clearly in charge. Key Topics:Identify appropriate AI use cases in healthcare and apply Minimum Necessary, de-identification, and data minimization in each workflow.Know when a Business Associate Agreement (BAA) is required, what to ask vendors about data use, logging, and model training, and how to build clear audit trails for scribe, coding, and prior auth tools.Close policy gaps, monitor accuracy and drift, and retain evidence for six years to satisfy HIPAA and payer expectations.Resources:Learn more about healthcare compliance systems: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠epicompliance.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Explore healthcare compliance training and weekly webinars: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠epicompliance.com/training-in...⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Originally Recorded: November 18, 2025.

NOW PLAYING

#109 - AI & HIPAA Compliance: What’s Allowed, What’s Risky, and How to Do It Right

0:00 53:53

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of The Healthcare Compliance Step-By-Step Podcast?

This episode is 53 minutes long.

When was this The Healthcare Compliance Step-By-Step Podcast episode published?

This episode was published on November 19, 2025.

What is this episode about?

When AI enters clinical and administrative workflows, privacy rules and safety expectations come with it. In this practical session, we translate HIPAA requirements into plain English and apply an "AI-assisted, not AI-controlled" model to real-world...

Can I download this The Healthcare Compliance Step-By-Step Podcast episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!