Posted by Team KMCU on Nov 7, 2025
Understanding AI and HIPAA Compliance in Chiropractic
Hot Topics from the KMC University HelpDesk
Artificial intelligence (AI) has quickly become a buzzword in healthcare, but along with innovation comes new compliance risks. Chiropractors are now seeing AI features integrated into their Electronic Health Record (EHR) systems. These tools can automate tasks, analyze data, and even assist in patient communication. But before using them, providers must ask an essential question: Is AI HIPAA compliant?
What HIPAA Says About AI in Healthcare
The short answer? It depends. AI itself isn’t automatically compliant or noncompliant; compliance depends entirely on how it’s used. HIPAA compliance relies on the security and privacy of Protected Health Information (PHI). If AI tools access, process, or transmit PHI, providers must ensure that all safeguards meet HIPAA standards.
To comply, chiropractors must understand:
- Where patient data resides
- How it’s transmitted and processed
- Who has access to it, and under what terms
Know the Rules Before You Use AI
The U.S. Department of Health and Human Services (HHS) has already begun addressing this issue. A final rule for EHR vendors (effective in 2025) requires developers to disclose exactly how they collect, use, and secure data within AI-enabled tools.
If your EHR provider offers new “AI add-ons” or features, request written proof of compliance:
- Ask for an updated Business Associate Agreement (BAA)
- Request documentation explaining how PHI is managed and protected
- Verify whether new features are covered under your existing agreement
Remember, a vendor’s overall HIPAA compliance doesn’t automatically extend to every new AI service they release. Always confirm inclusion in writing.
Shared Responsibility: Your Role in HIPAA Compliance
HIPAA compliance is a shared responsibility between the provider and the vendor. Even if your vendor claims their software is compliant, you still have to maintain proper configurations and internal safeguards.
For example, if your clinic uses Microsoft 365, you can sign a BAA with Microsoft. However, only certain Microsoft services are HIPAA compliant, and you are responsible for enabling the required settings and monitoring their use. The same logic applies to AI tools.
Before activating any AI feature, ensure that:
- You have a signed BAA covering that specific service
- You’ve configured all recommended security settings
- You have policies, protocols, and staff training in place
- You’re actively monitoring use and access
Best Practices for Chiropractic Offices Using AI
- Verify Vendor Compliance: Don’t rely on marketing claims. Ask for written documentation.
- Update Your BAAs: New services often require new agreements.
- Limit PHI Exposure: Use the minimum necessary patient information for any AI application.
- Train Your Staff: Everyone must understand how to safely use AI-integrated tools.
- Monitor and Review: Conduct regular HIPAA risk assessments to identify vulnerabilities.
The Bottom Line
AI offers exciting opportunities for healthcare, but compliance must come first. Chiropractors using AI tools in EHR systems must understand their responsibilities under HIPAA. By verifying vendor compliance, maintaining proper documentation, and monitoring usage, you’ll protect your patients, and your practice, from unnecessary risk.
If you’re unsure whether your systems meet current standards, KMC University can help. Book a Free Discovery Assessment with our compliance team or take advantage of our free HIPAA assessment to ensure your practice is secure and compliant.