AI, PHI, and HIPAA – Get This One Right
AI is transforming healthcare, but compliance still matters. Discover how chiropractic physicians can safely use AI while protecting patient information and avoiding HIPAA risks.
Transcript:
Artificial intelligence continues to improve, and those using it, the numbers continue to increase. And so we just want to remind you all of a couple of things. First of all, yes, it’s okay to use AI. In fact, I would encourage you, that’s why we, as the Illinois Chiropractic Society, put together Paxson, which is a trained AI specifically trained on things related to chiropractic, the chiropractic profession, and more specifically chiropractic here in Illinois, and can answer many questions that you have.
Advertisement
However, what we do want to do is caution you. We want to make sure that you are cautioned about putting in any kind of protected health information into any artificial intelligence. So no AI model should you be putting any kind of PHI into directly, unless – and this is the key word – unless you have a business associate agreement in place, so we know that many of your EHR systems have built-in AI components, whether it be ambient listening or any other type of capacity that helps speed up things for you or improve your experience with the EHR system. AI is a phenomenal tool that can help with that. For those, you have business associate agreements in place, and the appropriate levels of security have been installed in those instances.
However, if you’re using a normal engine, say a normal large language model, such as maybe Gemini or ChatGPT or Claude or Perplexity, or whatever the case might be, or even, by the way, even Paxson, you don’t want to put any kind of protected health information. In other words, if you need that, if you want AI to help you craft a letter for different things, maybe you’ve got to, you want to craft a letter because you need to notify a patient that you’ve had to move their appointment or change their appointment. You want to make sure that it sounds professional. That’s fine. Do not put the patient’s name into the into that large language model into that AI system, into that chat box, if you will. Don’t do that, and the reason is because you don’t have a business associate agreement in place, so you don’t want to upload your database and have it give you all kinds of statistics. You don’t want to include names or patient names with with your with your query, or your prompt, if you will, of any AI model, unless you have that business-associated agreement in place.
So be very careful in this area. Don’t add PHI into any system that you don’t have a business associate agreement in place with. And hopefully this keeps you, keeps you safe. And we’ll catch you next week.
