A $15M home health agency, a $20M behavioral health group, or a $22M multi-location specialty practice does not need an AI clinical decision support system.
It needs AI that cuts the time its billing team spends drafting payer appeal letters from two hours to twenty minutes, and surfaces which referral sources are declining before the revenue impact becomes visible.
Also drafts the staff communications that the COO has been meaning to send for a week, and produces the operations briefing that gives the CEO a clear picture of the business on Monday morning.
None of this requires a HIPAA Business Associate Agreement negotiation with the EHR vendor. All of it is deployable within sixty days.
This article describes AI strategy for a $5M–$25M non-tech healthcare company: what AI produces at this scale, the HIPAA-compatible framework that makes AI use appropriate, and the specific workflows where the return is immediate.
Before diving in, it helps to understand the four-phase sequence that mid-market companies follow to build from AI Foundations to AI-native operations — healthcare operators follow the same phases, with compliance-specific requirements layered into Phase 1.
Clinical AI vs operational AI — the distinction that determines where to start
Clinical AI (not this article)
Clinical AI includes ambient documentation systems (Nuance DAX, Suki, Abridge), clinical decision support tools, AI-assisted imaging interpretation, and AI-enhanced EHR workflows.
These applications require EHR integration, clinical workflow change management, potentially FDA regulation, specific HIPAA Business Associate Agreements with clinical AI vendors, and clinical staff adoption processes.
When to evaluate clinical AI: after the operational AI Foundation is established and producing consistent returns.
Operational AI (what this article covers)
Operational AI includes administrative staff communications, payer letters and appeals, referral source correspondence, compliance documentation drafts, operations reports, management briefings, staff onboarding and policy communications.
These applications require an AI tool with appropriate data handling terms (BAA where PHI might be involved), a de-identification standard for AI inputs, and a work product review process.
They do not require EHR integration, FDA approval, or clinical workflow changes.
The operational AI that is running well at a $20M specialty practice is producing $120,000 to $200,000 per year in recovered administrative staff time and improved payer appeal recovery rates, without a single clinical workflow integration.
The HIPAA boundary in practice
| Category | Examples | What’s required |
|---|---|---|
| HIPAA-applicable operational AI | Payer appeal letters referencing clinical circumstances, authorization requests with clinical necessity documentation | BAA with AI tool provider, de-identification standard |
| Non-HIPAA operational AI | Referral source relationship communications (aggregate patterns), staff communications, operations reporting, management briefings | Standard data handling |
Most of the time-consuming administrative AI applications in healthcare are in the non-HIPAA category or in the manageable HIPAA category with a BAA in place.
The HIPAA compliance framework for operational AI
The framework has three elements. It takes a day to build, not months.
Element 1: Business Associate Agreement
A BAA is required when an AI tool will process PHI. As of 2026:
- Anthropic (
Claude Teams Enterprise): BAA available. Zero Data Retention option available for maximum PHI minimisation. - OpenAI (
ChatGPT Teams): BAA available for Teams tier with healthcare-specific data handling commitments. - Google Workspace AI: covered under existing Google Workspace BAA for healthcare customers.
- Microsoft (
Copilot for Microsoft 365): covered under existing Microsoft 365 healthcare BAA.
Action: sign the BAA with the chosen provider before using the tool for any PHI-adjacent operational work. This is a form submission on the vendor’s enterprise portal, not a negotiation. Typically completed in under a week.
Element 2: De-identification standard for AI inputs
How de-identification works in practice:
Instead of entering “Patient John Smith, DOB 01/15/1968, Diagnosis: Major Depressive Disorder, Claim #XYZ789”, the billing team member enters:
“Adult male patient, behavioral health diagnosis, claim denied for medical necessity. Patient has been receiving treatment for several months with documented improvement per attached clinical notes.”
The AI produces the appeal letter from the de-identified description. The team member adds the specific patient and claim identifiers when finalising the letter.
The AI interaction is de-identified. The final letter contains the necessary PHI.
Build: a one-page de-identification standard, written in 60 minutes with the compliance officer or practice administrator, that specifies how each workflow type should be de-identified before AI input.
Element 3: Work product review requirement
Every AI output used in a patient-facing context is reviewed by a qualified staff member before use. A notation in the billing system or document record: AI assistance used, reviewer name, date.
This notation protects the practice in an audit or payer dispute by demonstrating that a review process was in place.
Build: 30 minutes to document the notation convention.
The healthcare-specific AI Foundation — five elements
Element 1: Payer communication vocabulary guide
What it contains: the specific language for different payer communication types.
| Communication type | Vocabulary elements required |
|---|---|
| Authorization requests | Clinical necessity language, supporting documentation requirements, CPT/ICD citation format |
| Appeal letters | Appeals argument structure, regulatory references for the denial code, second-level escalation language |
| Denial responses | Contractual basis language, state regulation references, timeline requirements |
| Billing disputes | Claim specificity, payment obligation language, escalation sequence |
Build: 90-minute session with the billing manager and the practice administrator.
Element 2: Referral source communication standards
What it contains: how the practice communicates with referring physicians, hospital discharge planners, and case managers: the tone, the clinical communication conventions (how much clinical detail to include in aggregate vs. individual referral communications), the update frequency, and the relationship-building language.
Why it matters commercially: referral sources who receive consistent communication from a practice generate 15 to 25% more referrals than those who receive inconsistent communication. This is the most commercially impactful Foundation element for practices that depend on external referral networks.
Build: 60-minute session with the practice administrator or the provider who manages the most significant referral relationships.
Element 3: Compliance documentation language guide
What it contains: the specific regulatory vocabulary for HIPAA notices, employee compliance training acknowledgments, incident reports, and the documentation required under the applicable regulatory frameworks (CMS conditions of participation, state licensing requirements, accreditation standards).
Why precision matters: compliance notices that use imprecise language create audit exposure. Generic AI without this guide produces notices that are professionally formatted but not regulatory-precise.
Build: 60-minute session with the compliance officer.
Element 4: Staff communication standards
What it contains: how the leadership team communicates with clinical and administrative staff: the tone for routine operational communications, the language for policy changes, the structure for performance-related communications, and the approach to team announcements.
Build: 45-minute session with the COO or practice administrator.
Element 5: Operations reporting format guide
What it contains: the format for weekly and monthly operations reports: which metrics, in what format, with what trend context.
Build: 45-minute session with the COO and the billing director or operations manager.
The five highest-value operational AI workflows
Workflow 1: Payer appeal and authorization letters
Current process: the billing team member researches the denial code, identifies the appeal basis, drafts the appeal letter, and submits. Per appeal: 60 to 120 minutes. Typical volume at a $15M specialty practice: 15 to 25 appeals per week.
AI-assisted process: the billing team member inputs the de-identified denial description, the clinical basis, and the supporting documentation available. The AI drafts the appeal letter in the payer communication vocabulary standards. The team member adds specific patient identifiers, reviews for accuracy, and submits. New time: 20 to 35 minutes.
Weekly time recovery: 20 appeals × 55 minutes saved = 18 hours per week. At $55/hour: $990 per week.
Recovery rate ROI: for a practice with $2M in annual denials at a 35% recovery rate: a 10-percentage-point improvement in appeal quality recovery = $200,000 additional annual recovery.
Workflow 2: Referral source communications
Current process: referral source updates, thank-you communications, case update letters, and relationship outreach. Currently done inconsistently because the writing takes 20 to 45 minutes per communication and the volume is high.
AI-assisted process: the coordinator inputs the referral source, the de-identified case context, and the communication purpose. The AI drafts in the referral communication standards. Review: 5 minutes.
Weekly time recovery: 15 communications × 25 minutes saved = 6.25 hours per week. Commercial value: the referral network that receives consistent, clinically credible communication generates materially more referrals than one that receives inconsistent communication.
Workflow 3: Staff and team communications
Current process: policy updates, schedule change notifications, performance communications, team announcements. Per communication: 20 to 60 minutes. Volume: 8 to 12 significant staff communications per week.
AI-assisted process: the COO inputs the communication purpose and the relevant facts. The AI drafts in the staff communication standards. Review: 5 minutes.
Weekly time recovery: 10 communications × 30 minutes saved = 5 hours per week. At $80/hour COO time: $400 per week.
Workflow 4: Compliance documentation drafting
Current process: compliance notices, employee acknowledgment forms, incident report narratives, and the routine compliance documentation required under applicable regulatory frameworks. Per document: 30 to 90 minutes.
AI-assisted process: the compliance officer inputs the specific compliance event or requirement. The AI drafts using the correct regulatory language, required document structure, and applicable references. Review: 10 minutes.
Annual time recovery: compliance documentation is periodic: estimated 60 to 80 hours per year recovered.
Workflow 5: Operations and management reporting
Current process: the billing director or operations manager compiles the weekly and monthly operations report from EHR billing reports, staff attendance systems, referral tracking logs, and compliance calendars. Per report: 60 to 90 minutes.
AI-assisted process: standard reports exported from the practice management system are provided to the AI operations reporting workflow. The AI produces the management report in the standard format. Review: 15 minutes.
Weekly time recovery: 60 minutes per weekly report. Primary value: the management meeting that starts from an assembled picture rather than one still being compiled.
Common questions on healthcare AI strategy
”We can’t use AI because of HIPAA”
This reflects the correct instinct applied too broadly. HIPAA governs the use of protected health information. Most operational AI workflows do not require PHI to produce valuable outputs.
The governance framework that defines which workflows are HIPAA-applicable and which are not is a one-day project, not a barrier to implementation. The three-element framework (BAA, de-identification standard, work product review) provides the documented governance that makes AI use appropriate.
”Does Claude or ChatGPT offer a HIPAA BAA?”
Yes. Anthropic offers a BAA for Claude Teams at the Enterprise tier. OpenAI offers a BAA for ChatGPT Teams at the business tier.
Both include data processing commitments appropriate for healthcare BAA requirements. BAA signature is typically completed via the vendor’s enterprise portal in under a week.
”What about AI for patient scheduling and intake?”
Patient scheduling and intake communications are HIPAA-applicable when they involve PHI (appointment reminders with diagnosis or provider information, intake forms requesting health history).
With the BAA in place and the de-identification standard applied: these workflows are manageable. For most scheduling communications, generic scheduling language produces the same appointment confirmation outcome with no PHI exposure.
”Can AI help with medical coding and billing?”
AI can assist with billing narrative drafting, appeal letter construction, and authorization request preparation.
Actual medical coding (assigning CPT and ICD-10 codes to clinical encounters) requires human coder judgment. AI can assist coders with research and documentation review, but the coding decision itself remains human.
Want the healthcare operational AI Foundation built, with the HIPAA framework documented and the payer appeal workflow running before the next billing cycle?
AI strategy for a $5M–$25M non-tech healthcare company starts above the clinical encounter.
The five Foundation elements produce AI outputs that use the correct regulatory vocabulary and communicate with referral sources at the expected clinical communication standard.
The five operational workflows recover 30 or more hours per week of billing, administrative, and leadership team time, and produce a payer appeal quality improvement worth $200,000 per year in additional recovery at a typical specialty practice.
Path one: start with the payer communication vocabulary guide. Block 90 minutes with your billing manager and practice administrator. Document the appeal language for your three most common denial codes, the authorization request structure, and the escalation language for second-level appeals. Load the guide into a Claude Project. Run a recent denied claim through it and evaluate whether the appeal language reflects your practice’s standards.
Path two: bring in a partner. Phos AI Labs builds the healthcare operational AI Foundation for non-tech healthcare operators, including the HIPAA compliance framework, the payer communication vocabulary guide, and the billing team training. We have run 400+ AI engagements. Clients include Zapier, Coca-Cola, Medtronic, Dataiku, and American Express. Thirty minutes, no deck. Start here.
Related articles
- How to Use AI to Manage Large Ad Budgets
- How to Get Your Plant Managers to Actually Adopt AI Tools
- AI Consulting Firm vs AI Software Vendor: What Your Mid-Market Company Actually Needs
- AI Strategy for Your Professional Services Firm: The Honest Guide
- Best AI Consultants for Distribution and Logistics Businesses in 2026
- What is Claude Fable 5? Benchmarks and pricing