Before you type a single piece of patient information into an AI tool, you need to understand the legal and ethical framework that governs that action. This is not bureaucratic formality, and it is not something you can delegate to your IT department and forget about. The decisions you make at the keyboard have direct implications for your patients’ privacy, your professional licensure, and your institution’s legal exposure.

This course covers what you actually need to know, explained as clearly as possible without legal hedging.

The core HIPAA question and why it matters for AI

HIPAA, the Health Insurance Portability and Accountability Act, governs the use and disclosure of protected health information. Protected health information, or PHI, is any information that could be used to identify a patient in connection with their health status or healthcare. This includes the obvious identifiers like name, date of birth, and medical record number, but also many less obvious ones: zip code, specific dates of service, geographic identifiers smaller than a state, and combination of data elements that together could identify someone even without a name.