HIPAA-Adjacent AI Compliance for Small Clinics
Leave knowing how to use AI tools in your clinic without putting patient data at risk.
What it covers
A focused one-day workshop for small clinic owners and practice managers covering the practical compliance steps required when adopting AI tools that touch patient health information. Participants learn how to evaluate vendor agreements, configure AI scribes and chatbots safely, maintain audit trails, and update patient consent processes. The format blends short instruction blocks with hands-on scenario reviews using real clinic workflows. No legal background required — the goal is operational confidence, not legal expertise.
What you'll be able to do
- Identify which AI vendor agreements require a BAA and flag missing clauses before signing
- Rewrite or sanitise a clinical prompt to remove or pseudonymise PHI before submission to an AI tool
- Set up a simple audit log template that documents AI tool access and outputs for your clinic
- Update a patient consent or privacy notice to lawfully disclose AI use in care delivery
- Execute a documented first-response checklist within 24 hours of a suspected PHI-related AI incident
Topics covered
- What HIPAA-adjacent means for AI tools and when full HIPAA obligations apply
- Reviewing and negotiating Business Associate Agreements (BAAs) with AI vendors
- PHI-safe prompting: what to include and what to never send to an AI
- Evaluating AI scribe and transcription tools for clinical use
- Setting up audit trails and access logs for AI-assisted workflows
- Updating patient consent forms and privacy notices for AI use
- Incident response steps when a potential PHI breach involves an AI tool
- Vendor due diligence checklist for AI procurement in small clinics
Delivery
Delivered in person or via live virtual session (max 15 participants for effective discussion). Includes a printed/digital compliance checklist, BAA review worksheet, sample consent language, and a PHI-safe prompting reference card. Approximately 40% instruction and 60% hands-on scenario work. A follow-up 60-minute Q&A session can be added 2–4 weeks post-workshop to review real vendor agreements participants have sourced.
What makes it work
- Designating one staff member as the AI compliance point-of-contact who owns the vendor checklist and audit log
- Building PHI-safe prompting guidelines into onboarding for any new clinical or admin hire
- Scheduling an annual review of all AI vendor BAAs and consent language alongside existing HIPAA reviews
- Running a tabletop incident response drill within 30 days of completing the workshop
Common mistakes
- Assuming a free-tier or consumer AI tool is HIPAA-compliant because the vendor markets to healthcare
- Sharing full patient notes or identifiers in AI prompts without reviewing the vendor's data retention policy
- Skipping BAA review because the tool 'only does transcription' — scribe tools process PHI by definition
- Treating a one-time consent update as permanent without revisiting it as AI use evolves in the practice
When NOT to take this
This workshop is not the right fit for a hospital or multi-site group practice with a dedicated compliance officer and legal team — they need a full HIPAA programme with policy-writing and staff certification tracks, not a one-day SME primer.
This training is part of a Data & AI catalog built for leaders serious about execution.