Updated 2025: Looking for a Business Associate Agreement? Download our FREE template.

Free BAA Download
Total HIPAA Logo

Artificial Intelligence in HIPAA Compliance

artificial intelligence in healthcare

What is AI?

Artificial intelligence is the science of making machines that can learn, similar to the ways humans do. AI technology can process large amounts of data in ways that humans can’t. Machines and programs that incorporate AI in their design are able to recognize patterns and make decisions based on their experience of a dataset and therefore their ability to predict what would come next in a pattern.

How does AI work?

From the SAS institute: “AI adapts through progressive learning algorithms to let the data do the programming. AI finds structure and regularities in data so that algorithms can acquire skills. Just as an algorithm can teach itself to play chess, it can teach itself what product to recommend next online.”

What is AI good for?

Artificial intelligence has been a subject of study since the 1950’s. Practical applications for this method of programming have varied over time. Finally, we live in a time with enough data to make use of AI’s ability to recognize and predict patterns. So far many of the applications for using artificial intelligence in healthcare are behind the scenes and not available to the general public. The idea is that by training these models on data belonging to patients with health conditions, a program might be able to recognize correlation between patterns in data sets that humans haven’t noticed and therefore lead to earlier diagnostic capabilities and all sorts of insights. Most people are not familiar with the uses for AI in healthcare unless they are studying that science specifically. But there is one common application of AI that most people are familiar with, and that is the language model.

What is a language model?

Programs that make use of an AI language model are designed to generate language that makes sense to a human reader. By having a “conversation” with the language model, the program gathers information about the language it is given and it returns language that should make sense given the context of the topic provided and all the other conversations and articles (language data) it has been trained on. 

The fascinating effect of successfully creating an AI language model, especially a chat bot, is that the user experiences the sensation that they are speaking with an intelligent being. This effect is similar to face pareidolia – the phenomenon of seeing faces in everyday objects. Depending on the topic the chatbot is generating language about, the user could experience a very emotional and seemingly intimate moment with a machine because of the generated language. 

Do language models generate truth?


As far as the author of this article understands it, there is no correlation between the content of the language generated by a chatbot and the accuracy of the information being communicated. The goal of the program is to make sense grammatically and contextually; to use words that the reader will relate to and potentially find useful. It’s important to remember that even though artificial intelligence is generating language, that doesn’t mean that it is thinking about that language as a representation of our world. It’s only facet of intelligence is based on creating more language that fits a variety of feasible patterns of communication. There was a time in the language model’s existence when nothing it generated made sense, and over the course of its learning experience it was able to learn how to pick up on increasingly complex uses of language. Whether or not the words generated are true should always be verified and not taken at face value. Some truths are logical or emotional, but when it comes to information, the scientific method requires rigorous review before it makes facts of language that makes sense in theory.

What is an AI chat bot good for?

Well-trained language models can be used for anything that requires communication, but the accuracy of the information shouldn’t be left up to the artificial intelligence to determine. A good use of this tool would be to summarize existing articles or to write a first draft of a document with all the basic information provided by a human. Users can tell a language model exactly what they are looking for as far as tone, and they can ask the AI to rewrite sentences and create summaries which is useful for creating HIPAA Policies and Procedures for Privacy and Security of PHI. Just keep in mind that the goal of the program is to make grammatical and emotional sense- it doesn’t measure factualness.


What is an AI chat bot not good for?

Artificial intelligence means machines can learn, it doesn’t mean machines can know. Just because something is written down and makes sense doesn’t make it true. Using a chat bot to create policies and procedures for HIPAA privacy and security from start to finish would be very similar to adopting policies from another company or purchasing a non-customized template. It’s really just lip service to HIPAA, where as filling out a risk assessment and creating your policies from that is actual compliance.

Read more about adopting policies in this article: How to Fail a HIPAA Audit


Upcoming Webinar: Join us September 20th at 2pm EST to discuss how AI is being used in HIPAA

For step by step support and guidance in HIPAA compliance, consider trying HIPAA Prime. You’ll gain access to our team of experts who will create policies and procedures specifically for your business. Book a Clarity Call today to learn more about HIPAA Prime!

Further Reading on AI:

  1. https://hai.stanford.edu/news/language-models-are-changing-ai-we-need-understand-them
  2. https://medium.com/@diamond_io/artificial-intelligence-101-everything-you-need-to-know-to-understand-ai-8e20fe4bd750
  3. https://www.simplilearn.com/tutorials/artificial-intelligence-tutorial/what-is-artificial-intelligence#:~:text=Artificial%20Intelligence%20is%20a%20method,develops%20intelligent%20software%20and%20systems.
  4. https://www.linkedin.com/pulse/artificial-intelligence-101-understanding-basics-ai/

Sharing is caring!

Documents

Looking for a Business Associate Agreement?

Download our free template to get started on your path toward HIPAA compliance.


Download Now

Want to stay informed?

Join our community, stay ahead of the curve on HIPAA compliance and receive free expert guidance.

State of HIPAA Compliance in 2025

Watch the recording of this webinar to learn more about how you can become and stay HIPAA compliant!

Document
Register for Webinar

Related Posts

Essential Guide to Email Authentication and Deliverability: How to Configure DMARC, SPF, and DKIM Records

Essential Guide to Email Authentication and Deliverability: How to Configure DMARC, SPF, and DKIM Records

Essential Guide to Email Authentication and Deliverability: How to Configure DMARC, SPF, and DKIM Records
*This process is technical and requires access to your Domain Name Server (DNS). It’s recommended to have an IT professional handle these configurations to avoid potential issues. If you proceed yourself, back up your current settings with screenshots or copies before making any changes.
Organizations rely heavily on email for marketing and communication, making it a prime target for malicious actors. Phishing, spoofing, and other email attacks can inflict significant financial and reputational damage. In response to this growing threat, email providers are tightening their security measures, and businesses that aren’t paying attention risk having their emails blocked.
A recent announcement from Microsoft, highlighted in their Tech Community blog, highlights that Outlook is implementing stricter requirements for high-volume senders to protect users from unwanted and potentially harmful messages. This move serves as a clear signal: email authentication is no longer optional – it’s required for all organizations, regardless of their sending volume.
The key to making sure your emails reach their intended recipients is all in the configuration and alignment of your Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM) records. These protocols verify an organization actually sent the emails and tells receiving servers your messages are legitimate and shouldn’t be sent to spam folders or blocked.
What makes SPF, DKIM, and DMARC so crucial?
SPF (Sender Policy Framework): This record lists the authorized mail servers permitted to send emails on your behalf. When your email server receives an email, it checks it and verifies if the sending server’s IP address matches the list in your SPF record. This helps prevent attackers from spoofing your domain using unauthorized servers.
DKIM (DomainKeys Identified Mail): DKIM adds a digital signature to your outgoing emails. This signature is cryptographically linked to your domain and verified by the receiving server using a public key published in your DNS records. DKIM ensures the integrity of the email content and confirms that it hasn’t been tampered with in transit.
DMARC (Domain-based Message Authentication, Reporting & Conformance): DMARC builds upon SPF and DKIM. It tells receiving servers what to do with emails that fail SPF and/or DKIM checks. You can set policies to “none” (monitor), “quarantine” (send to spam), or “reject” (block). DMARC also enables reporting, allowing you to gain valuable insights into who sends emails using your domain and identify potential spoofing attempts.
Microsoft’s Stance: A Wake-Up Call
The stricter requirements being implemented by Outlook for high-volume senders emphasize the need for organizations to set up and review their authentication protocols. While the current focus is on high-volume senders, it is clear: email providers are looking for authenticated mail. Failing to correctly set up your DMARC, SPF, and DKIM records will lead to deliverability issues of emails.
What Your Company Needs to Do Now:
Regardless of size or email volume, every company should take the following steps to make sure its email authentication is configured correctly. Here’s a checklist:
Audit Your Existing Records: Check for existing SPF, DKIM, and DMARC configurations. Are they accurate and up-to-date?
Implement Missing Records: If you are missing any of these records, add them immediately. *Consult with your IT team or email service provider for guidance.
Check Alignment: It’s crucial to make sure there is alignment between your SPF, DKIM, and DMARC records. This means that the domain used for SPF and the signing domain in DKIM should match the “From” address domain in your emails. DMARC relies on this alignment to function effectively.
Start with a Monitoring Policy: For DMARC, it’s often best to start with a “none” policy to monitor how your emails are being handled and identify any legitimate sending sources that might not be properly authenticated.
Gradually Enforce Stronger Policies: Once you clearly understand your email flows and have addressed any authentication issues, move gradually towards stronger DMARC policies like “quarantine” or “reject” to protect your domain from spoofing actively.
Regularly Review and Update: The email landscape is constantly changing. Regularly review and update your authentication records as needed, especially when changing your emails or third-party sending services.
The Benefits of Proper Email Authentication:
Properly configuring and aligning your DMARC, SPF, and DKIM records offers significant benefits:
Improved Email Deliverability: Your legitimate emails are more likely to reach the inbox, avoiding spam folders and blocks.
Enhanced Brand Reputation: Protecting your domain from spoofing builds trust with your recipients and safeguards your brand’s reputation.
Increased Security: You significantly reduce the risk of using your domain for phishing and other malicious activities.
Compliance with Evolving Standards: By staying ahead of the curve, you ensure your email practices align with the increasingly stringent requirements of email providers.
The message is clear: email authentication is no longer optional. The recent emphasis from major providers like Microsoft underscores its critical importance in maintaining reliable and secure email communication. By taking the steps to audit and align your DMARC, SPF, and DKIM records, your organization can protect itself, customers, and reputation. Don’t wait until your emails are blocked – act now to secure your email.
Have questions or need help with your HIPAA compliance? Schedule a call with our experts today. https://www.totalhipaa.com/get-started/
To check your DMARC Records go here
https://www.totalhipaa.com/dmarc-lookup-free/
All records, a free and easy tool to use
https://easydmarc.com/

Save & Share Cart
Your Shopping Cart will be saved and you'll be given a link. You, or anyone with the link, can use it to retrieve your Cart at any time.
Save Cart & Generate Link
Send Cart in an Email Done! close
Empty cart. Please add products before saving :)

Back Save & Share Cart
Your Shopping Cart will be saved with Product pictures and information, and Cart Totals. Then send it to yourself, or a friend, with a link to retrieve it at any time.
Send Cart Email
Your cart email sent successfully :)