Webinar Description
Key Takeaways
- Panel discussion examining the intersection of artificial intelligence adoption and HIPAA compliance in healthcare settings
- Perspectives from healthcare operations, legal, product strategy and technical implementation disciplines
- Practical guidance on vendor evaluation, Business Associate Agreements and protected health information safeguards
- Eligible for one self-reported continuing professional education credit
Navigating AI Innovation Under Healthcare’s Regulatory Framework
Healthcare organisations face a distinctive challenge as artificial intelligence capabilities expand rapidly while regulatory frameworks struggle to keep pace. The webinar “AI + HIPAA: Innovating in Healthcare Without Leaving Compliance Behind,” hosted by Paubox in July 2026, brings together practitioners from across the healthcare technology landscape to address how organisations can pursue AI-driven innovation without compromising their compliance obligations under the Health Insurance Portability and Accountability Act.
The session is designed for compliance officers, healthcare technology leaders, legal professionals and product teams who must balance the operational benefits of AI tools against the stringent requirements governing protected health information. As healthcare providers increasingly explore AI applications for clinical decision support, administrative automation and patient engagement, the absence of explicit regulatory guidance specific to AI creates uncertainty that this panel aims to address through practical, experience-based discussion.
About This Event
Scheduled for 8 July 2026, this virtual panel assembles four professionals who approach AI and HIPAA compliance from complementary vantage points. The panel composition reflects the multidisciplinary nature of healthcare AI implementation, featuring a healthcare operations leader who manages day-to-day service delivery, a healthcare attorney versed in regulatory interpretation, a health product strategist focused on market needs and user requirements, and a technical specialist who builds HIPAA-compliant AI systems.
This diversity of perspectives allows the discussion to move beyond theoretical compliance frameworks into the practical realities of deploying AI tools within regulated healthcare environments. The format includes dedicated time for audience questions, enabling attendees to raise specific scenarios relevant to their organisations.
The Compliance Gap in Healthcare AI
HIPAA was enacted in 1996, decades before modern machine learning and generative AI emerged as practical tools for healthcare applications. While the regulation’s core principles around privacy, security and breach notification remain applicable, the specific technical and operational controls required when AI systems process protected health information are still subject to interpretation. This regulatory ambiguity creates genuine risk for healthcare organisations eager to capture the efficiency gains and clinical improvements that AI promises.
The challenge extends beyond technical safeguards. Questions arise around data minimisation when training models, the scope of Business Associate Agreements with AI vendors, audit trail requirements for AI-assisted decisions, and patient consent when their health information contributes to algorithmic outputs. Healthcare organisations must make implementation decisions today despite incomplete regulatory clarity, making peer experience and expert interpretation particularly valuable.
Vendor Evaluation and Contractual Protections
One focus area for the panel involves the due diligence process when evaluating AI vendors for healthcare applications. The proliferation of AI tools marketed to healthcare organisations has outpaced many procurement teams’ ability to assess compliance readiness. Not all vendors offering AI solutions understand the specific requirements that apply when their systems will encounter protected health information.
Business Associate Agreements represent a critical contractual mechanism under HIPAA, establishing the obligations of third parties who handle protected health information on behalf of covered entities. However, standard BAA language may not adequately address AI-specific concerns such as model training on client data, data retention after contract termination, or the use of subprocessors in AI infrastructure. The panel will explore what questions healthcare organisations should pose to vendors and what contractual provisions warrant particular attention.
Defining Safe Practices for PHI in AI Systems
The concept of safety when protected health information intersects with AI systems encompasses multiple dimensions. Technical controls such as encryption, access management and audit logging remain foundational, but AI introduces additional considerations. Data used to train or fine-tune models may persist in ways that differ from traditional database storage. Inference requests may be logged by AI providers. Outputs generated by AI systems may inadvertently reveal information about training data.
Healthcare organisations must evaluate whether AI tools process PHI directly, whether de-identification is feasible for their use cases, and what residual risks remain even with technical safeguards in place. The technical perspective of a panellist who builds HIPAA-compliant AI systems should provide insight into how these challenges are being addressed in practice.
Who Should Attend
This session is particularly relevant for compliance officers responsible for HIPAA programmes at healthcare organisations considering or actively implementing AI tools. Chief information officers and technology leaders evaluating AI investments will benefit from understanding the compliance dimensions that should inform vendor selection and deployment decisions. Healthcare attorneys advising clients on AI adoption will gain practical perspectives to complement their regulatory analysis.
Product managers and strategists at health technology companies will find value in understanding the compliance concerns that shape purchasing decisions among their healthcare customers. Security professionals responsible for protecting health information will gain insight into the specific risks AI systems introduce and the controls being implemented across the industry.
Continuing Education Credit
The webinar qualifies for one self-reported continuing professional education credit. Attendees who view the complete session will receive a certificate of attendance suitable for submission to relevant certifying bodies when claiming CPE credits. This makes the session valuable not only for its substantive content but also for professionals maintaining certifications that require ongoing education in compliance, privacy or healthcare administration disciplines.

