The most common response I get when talking to Michigan practice managers about AI is some version of: "We'd love to — but HIPAA."

It's understandable. HIPAA compliance is serious, the penalties are real, and healthcare practices have been burned by vendors who didn't understand the rules. Caution makes sense.

But in 2026, the "HIPAA blocks AI" belief is outdated — and it's costing Michigan practices real money in administrative time they can't afford to lose.


The HIPAA Myth That's Keeping Practices Stuck

The widespread belief is that using AI requires sharing protected health information (PHI) with a third-party AI provider, which violates HIPAA.

This is not accurate. HIPAA explicitly allows healthcare providers to share PHI with third-party vendors who are "business associates" — as long as a Business Associate Agreement (BAA) is in place. A BAA is a contract in which the vendor agrees to safeguard PHI according to HIPAA requirements. This is the same mechanism your practice already uses with your EHR vendor, your billing company, your lab, and your answering service.

The question for AI is not "can we share PHI with an AI provider?" The question is "does this AI provider offer a BAA?"


Which AI Providers Offer HIPAA BAAs (In 2026)

ProviderBAA AvailableNotes
Anthropic (Claude API) ✅ Yes Enterprise API for healthcare use cases; required for PHI processing
Microsoft Azure ✅ Yes Covers Azure OpenAI Service for HIPAA-covered entities
Google Cloud ✅ Yes Vertex AI + Healthcare API; thorough compliance documentation
Amazon AWS ✅ Yes Covers most services; widely used in large health systems
ChatGPT.com (browser) ❌ No Consumer product — no BAA, do not use with PHI
Claude.ai (consumer) ❌ No Consumer product — no BAA, do not use with PHI

The critical distinction is enterprise API with BAA vs. free consumer product without BAA. When your staff uses ChatGPT.com to draft a patient letter, that is a HIPAA problem. When your practice deploys a custom AI built under a BAA, it is not.

Ready to see what this looks like for your operation?
Free 30-minute strategy call. Written summary within 48 hours. Zero obligation.
Book a Free Strategy Call

The Three Workflows Where Michigan Practices Are Losing the Most Time

1. Prior Authorization

Prior authorization is the single largest administrative burden in most practices — and the one with the highest AI ROI.

The current process at most practices: a staff member reads an incoming referral or order, extracts the relevant diagnosis codes, pulls the patient's insurance and history, fills out a payer-specific form or portal, submits, and then waits — checking back regularly for approval or denial, sometimes for days.

An AI-powered prior auth workflow can:

Result at Michigan practices that have deployed this: prior auth time drops from 18–25 hours per week to 3–5 hours per week. Same staff, same patients — without the manual data handling.

2. Patient Communication and Follow-Up

After-visit follow-up, appointment reminders, no-show management, post-procedure check-ins, referral coordination. All of these are time-intensive communication tasks that are mostly templated and don't require clinical judgment — but they eat hours of staff time every week.

AI can handle the templated portions while flagging any patient responses that require actual clinical engagement. Practices using AI-assisted patient communication report 30–40% reductions in administrative time spent on communication.

3. Clinical Documentation

AI scribing — using AI to generate clinical notes from recorded or structured encounter data — is the fastest-growing use case in healthcare AI. Physicians typically spend 2–3 hours per day on documentation. That's 10–15 hours per week per physician that is not patient care.

AI documentation tools, properly configured under a BAA, can generate initial note drafts that physicians review and sign. Time savings of 60–90 minutes per physician per day are documented in published research.


What "HIPAA Compliant" Actually Means in Practice

For a Michigan practice deploying AI, HIPAA compliance means:

  1. Choose a vendor with a signed BAA. No BAA = no PHI. Period.
  2. Conduct a risk assessment. Adding AI is a new technology that should be included in your periodic security risk assessment.
  3. Document the deployment. Your compliance records should include what AI tool is deployed, what PHI it processes, the BAA, and training records.
  4. Train your staff. Your staff should know which AI tools are approved for PHI and which are not.
  5. Build an off-ramp. Your AI workflow should have defined exception handling for cases requiring human clinical judgment.

None of this is unusual or burdensome. It's the same diligence you already apply to any new vendor.


A Realistic AI Pilot for a Michigan Practice

The fastest path from "curious but cautious" to "running with data" is a 6-week pilot.

Pilot Structure

Week 1–2: Discovery and design. Map the prior auth workflow, identify the highest-volume payers, document the current process.
Week 3–4: Build and test. Deploy the AI layer, connect to existing EHR workflow (without replacing it), test with 10–15 cases under staff supervision.
Week 5–6: Live operation. Staff runs the workflow, AI handles the data, exceptions escalated. Track time vs. baseline.

What a Michigan 5-Provider Practice Typically Finds After 6 Weeks

Prior auth time: 22 hrs/week → 4 hrs/week (18 hours recovered)
Authorization turnaround: 3–5 days → same-day in 80% of cases
Labor cost savings at $22/hr: $396/week → $20,592/year
Project cost: $12,000–$18,000
Payback period: 7–11 months


The Michigan Grant Angle

Michigan practices can access two grant programs that directly apply to AI deployments:

Michigan Going PRO Talent Fund
Covers the training component of any AI project — staff instruction on using the new system. $2,000 per trained employee ($3,500 per USDOL Registered Apprentice). Applied through your local Michigan Works! office. Applications must be submitted before training begins.

Michigan Health Endowment Fund
Grants for Michigan healthcare organizations implementing patient care technology. Accepted quarterly. $10,000–$500,000 range. Focus on underserved communities and smaller organizations.

For a $15,000 AI pilot, grant funding commonly reduces the net cost to $8,000–$10,000.

Your HIPAA Questions Answered — Before You Commit to Anything

Book a free 30-minute strategy call. We'll walk through your specific compliance situation, identify which workflows have the clearest AI ROI, and show you exactly which Michigan grants apply. Written summary within 48 hours.

Book a Free Strategy Call

American AI Solutions LLC  ·  Southgate, Michigan  ·  david04calderon@gmail.com

American AI Solutions LLC builds HIPAA-compliant AI systems for Michigan healthcare practices under Business Associate Agreements with Anthropic, Microsoft Azure, and Google Cloud. We specialize in prior authorization automation, patient communication AI, and clinical documentation support for private practices and specialty clinics across Michigan.