Not all AI tools are HIPAA compliant. If an AI scribe or scheduling bot processes patient data outside your BAA, you have a compliance problem. Here is what to check before adopting any AI tool.
You're evaluating an AI scribe for your practice. It promises to draft your notes automatically. But where does the audio go? Who processes it? Is there a BAA? Does the AI model train on your patient data? These aren't theoretical questions. The HHS Office for Civil Rights fined a mental health practice .25 million in 2024 for using a transcription service that processed PHI without a BAA.
AI in healthcare is moving fast. Compliance has to move faster. This guide covers what makes an AI tool HIPAA compliant, what questions to ask vendors, and why native AI (built into your EMR) is fundamentally different from bolt-on AI tools.
What HIPAA requires for AI tools that process PHI
HIPAA doesn't mention AI specifically. But the Privacy Rule, Security Rule, and Breach Notification Rule apply to any system that creates, receives, maintains, or transmits protected health information. An AI scribe that listens to patient visits? It's processing PHI. An AI scheduling agent that sends appointment reminders with patient names? PHI. An AI billing agent that reads clinical notes to suggest codes? PHI.
The requirements are clear:
Business Associate Agreement (BAA): Any vendor that processes PHI on behalf of your practice must sign a BAA. This is non-negotiable. If the AI tool doesn't offer a BAA, it cannot legally process patient data. Period.
Encryption at rest and in transit: Patient data must be encrypted when stored (AES-256 or equivalent) and when transmitted (TLS 1.2+). This applies to audio recordings, generated notes, and any data the AI processes.
Access controls: Only authorized users should access PHI. The AI system must integrate with your role-based permissions. A front desk staff member shouldn't see clinical notes just because they can access the scheduling module.
Audit logging: Every access to PHI must be logged: who accessed what, when, and what they did with it. This includes AI-generated content. If the AI drafts a note, the audit log should show when the note was created, who reviewed it, and who signed it.
Data retention and disposal: You need to know how long the vendor retains patient data and how it's disposed of. Some AI tools retain audio recordings for model training. If that audio contains PHI and there's no BAA covering retention, that's a violation.
The critical question: does the AI train on your patient data?
This is the question most practices forget to ask. Many AI tools use customer data to improve their models. In healthcare, this creates a serious compliance issue. If your patients' clinical conversations are used to train a general-purpose AI model, that data is being processed in ways your BAA probably doesn't cover.
Ask the vendor directly: "Does your AI model train on data from my practice?" If the answer is yes, ask where the training happens, who has access to the training data, and whether the BAA explicitly covers model training. If they can't answer clearly, that's your answer.
Native AI vs. bolt-on AI: the compliance difference
Native AI (built into the EMR): The AI runs inside the same HIPAA-compliant infrastructure as the rest of the EMR. PHI never leaves the compliant environment. The BAA covers everything: the EMR, the AI features, the data storage. Audit logging, encryption, and access controls are unified. One vendor, one BAA, one compliance scope.
Bolt-on AI (separate tool): The AI tool processes data outside your EMR. PHI is transmitted to a third-party service via API or file transfer. You need a separate BAA with the AI vendor. Data flows through two systems with different security models. If the bolt-on tool has a breach, you're liable even though you didn't build or control the tool.
The compliance risk with bolt-on AI is that every additional vendor that touches PHI expands your attack surface and your liability. Native AI eliminates this by keeping everything inside one compliant system.
Compliance checklist for AI vendors
BAA available: The vendor offers a signed BAA that covers AI-specific processing (audio, NLP, code suggestion). Not just data storage.
SOC 2 Type II audit: The vendor has completed a SOC 2 Type II audit covering security, availability, and confidentiality. Ask for the audit report, not just a statement on their website.
Data residency: Patient data stays in the United States (or your jurisdiction). Some AI tools process data in offshore data centers without disclosing this.
No model training on PHI: The vendor confirms in writing that your patient data is not used to train AI models.
Encryption: AES-256 at rest, TLS 1.2+ in transit. Ask specifically about audio recordings if using an AI scribe.
Access controls: The AI system respects your role-based permissions. It doesn't create a backdoor where all users can see all AI-generated content regardless of their role.
Audit trail: All AI actions are logged: note generation, code suggestions, scheduling actions, and any access to PHI.
Frequently asked questions
Is using ChatGPT for clinical notes HIPAA compliant?
No, not by default. ChatGPT and similar consumer AI tools do not offer BAAs, may use input data for model training, and do not provide the encryption, access controls, or audit logging HIPAA requires. Using them with patient data is a violation. Some vendors offer HIPAA-compliant versions (like Azure OpenAI with a BAA), but the general consumer product is not compliant.
Do I need a separate BAA for AI features in my EMR?
If the AI is native to your EMR, the existing BAA with your EMR vendor should cover it. Confirm this explicitly. If the AI is a bolt-on tool from a different vendor, you need a separate BAA with that vendor.
Can AI appointment reminders include patient names?
Yes. Appointment reminders that include the patient's name, date, time, and provider name are permitted under HIPAA's minimum necessary standard. The reminder must not include diagnosis, treatment, or clinical information.
What happens if my AI vendor has a data breach?
Under HIPAA, both you (the covered entity) and the vendor (the business associate) are liable. The vendor must notify you within the timeframe specified in the BAA (typically 24-72 hours). You must then notify affected patients and HHS. This is why minimizing the number of vendors with PHI access reduces your risk.
The bottom line
AI in healthcare isn't optional anymore. But compliance isn't optional either. The safest path is AI that's native to your EMR: one vendor, one BAA, one compliant system. Every bolt-on AI tool you add is another BAA to manage, another vendor to audit, and another potential breach point. Choose accordingly.
Trustro's AI agents (Receptionist, Scribe, Billing) are native to the EMR. HIPAA compliant, SOC 2 Type II audited, BAA at every tier. See /security for details, or book a demo at /demo.
Related reading
Read more: /blog/what-is-ambient-clinical-scribing
Read more: /blog/ai-medical-coding-accuracy
See how this works in the product: /security