Every day, AI tooling is becoming more embedded in daily clinical practice. Physicians, nurse practitioners, and PAs use AI GPT tools to streamline their workflows and refocus on patient care.
With that goal in mind, those same healthcare professionals ask an important question: Can these tools really be trusted with patient information? Taking it one step further: Is HIPAA compliance enough to make the tool safe for clinical use?
Here, we’ll detail what ChatGPT-type tool HIPAA compliance looks like, and why there’s more to consider when testing and implementing healthcare AI.
The Short Answer: HIPAA Compliance Is Possible, But It's Just A Starting Point
Yes, through a Business Associate Agreement (BAA), certain enterprise-tier customers can use the HIPAA-compliant ChatGPT for Healthcare. This means it meets HIPAA’s technical and administrative safeguards, and under the right configuration, can be handled with the protections required by federal law.
With that in mind, HIPAA compliance is the standard for healthcare AI, not a guarantee of clinical fit. The tool's compliance tells you how the data is transmitted and stored, but says little about whether the information is accurate, current, or appropriate for clinical decision-making.
What HIPAA Compliance Covers
When it’s time to evaluate an AI tool for healthcare use, start by understanding what HIPAA compliance covers and what it doesn’t. A compliant AI tool must:
- Sign a Business Associate Agreement (BAA)
- Restrict the use of Protected Health Information (PHI) to the agreed-upon use
- Implement administrative, technical, and physical safeguards for PHI
- Ensure that PHI data isn’t used to train models without authorization
- Report breaches in accordance with federal timelines
While they are important protections, they do not address the clinical accuracy of outputs or the quality of the underlying evidence used. Additionally, it does not guarantee that the tool is designed with a clinician’s workflow in mind.
Compliance and Clinical Reliability: The ChatGPT Gap
General-purpose, public-facing large language models carry inherent limitations in clinical contexts, even when deployed compliantly. They are trained on broader data that includes both quality medical literature and often some unreliable resources. This leads to confident-sounding responses that are incomplete, outdated, or simply incorrect.
In a healthcare setting, this combination of sounding authoritative but being inaccurate can have serious consequences for patients and doctors. This is where the distinction between a compliant tool and a purpose-built clinical tool is important.
Why Trusted AI Tooling is Crucial For Medical Residents
For resident physicians, accurate, transparent, and reliable education materials are a must. Working with HIPAA-compliant AI is the bare minimum, but even slightly inaccurate outputs could impact patient safety and security, as well as their professional development.
Instead, when using a HIPAA-compliant AI purpose-built for clinicians, it could be an asset to their education. If prompted correctly, the AI could help with practice for on-the-spot testing, roleplay, and surfacing information on diagnoses and drug monographs.
How Doximity Approaches AI Differently
Doximity’s DoxGPT checks both boxes on the must-have list by being both HIPAA-compliant and built for clinicians of all types . Rather than drawing on public-facing internet sources, DoxGPT works within closed systems of evidence-based medical literature.
This means the information surfaced for clinicians is reputable and trustworthy, instead of the broader, noisier ecosystem that public-facing GPT products rely on. When using DoxGPT, clinicians can easily trace the sources from outputs to feel better about where their findings are coming from.
PeerCheck™: Helping Clinicians Feel Confident In AI
PeerCheck™ is Doximity’s physician-in-the-loop citation verification feature for DoxGPT. The goal is to bring more transparency and trust to AI outputs by having licensed doctors evaluate and improve output for potential bias, evidence strength, and accuracy. As of now, DoxGPT has over 10,000 outputs reviewed and verified with PeerCheck™, and the long-term goal is to have it serve as a model for how medical AI should be governed.
PeerCheck™ reflects a few core principles that separate Doximity from public-facing AI:
- Citation transparency: PeerCheck™ enables clinicians to verify sources in real time, maintaining the integrity and administrative rigor that clinical decision making requires.
- Evidence-grounded literature: PeerCheck™ outputs are anchored in evidence-based medical findings instead of general web content.
- A clinician-first design: Workflows, terminology, and outputs are presented and formatted in a way doctors find helpful for their specialty.
Doctors, nurse practitioners, and PAs can use DoxGPT as a more trusted source than public-facing GPT products, but it’s important to note that with any AI tooling, it should be used as a guide rather than an absolute truth. No AI product should replace clinical judgment, and a healthcare professional’s expertise should be the final sign-off in clinical applications.
In addition to DoxGPT, Doximity offers Doximity Scribe and Doximity Dialer to healthcare professionals looking to streamline their workflows. Scribe is an AI-powered transcription tool that summarizes patient visits before discarding recordings, and Dialer is a popular telehealth platform that enables physicians to text, call, and video call patients while keeping their personal phone numbers private.
Like DoxGPT, Scribe, and Dialer are easy to use, HIPAA-compliant, and completely free. It’s the accessible tooling physicians want, with the security and safeguards they need.
The Right Standard for Clinical AI With Doximity
As AI use ramps up in healthcare, the industry will move beyond treating HIPAA compliance as the only must-have before adoption. While compliance is important, it’s not enough to make a difference in practice. The real standard should include evidence-based outputs, transparency, and having physicians in the loop, much like Doximity’s PeerCheck™ does.
Over 85% of doctors in the U.S. use Doximity today. Signing up only requires valid healthcare credentials, and DoxGPT, Doximity Scribe, and Doximity Dialer are all user-friendly and free. Doximity is ready to meet the new standard for clinical AI tooling in healthcare, where accuracy, security, and patient care are a must. Try Doximity today.