MARCH 2026 | 27 THE OKLAHOMA BAR JOURNAL

Artificial intelligence tools, including large language models, are quickly transforming how health care organizations process and analyze vast amounts of clinical data. Health care information has been exchanged by health care entities in digital format for over 30 years, and most electronic health records are highly structured, making them easily processable by computers. AI holds the promise to make current data operations even faster and more efficient. From predictive modeling to workflow automation, AI offers insights and turnaround times that were previously impossible for human teams alone.

Many health care entities use AI as part of their data analytics operations to conduct payment and coding audits, automate prior authorization processes and directly interface with patients. Some entities are actively exploring the use of generative AI for predictive modeling, which holds the promise of new diagnostic insights that may increase provider efficiency and ultimately lower health care costs.

The upside that AI offers for health care data processing is not without risk. Industry experts have expressed concern that patient privacy rights may not be adequately protected when processing data with AI.1 Some have expressed concern that AI processing of patient information may lead to the automated, inadvertent redisclosure of patient personally identifiable information in AI output.2

Health care data often includes protected health information (PHI), which is governed by the strict privacy and security requirements of the Health Insurance Portability and Accountability Act of 1996 and related statutes and regulations3 (collectively HIPAA). PHI, by definition, contains personally identifiable information of patients. Processing PHI with AI tools can raise serious HIPAA compliance risks if proper safeguards are not implemented. Data should generally be processed only for payment, treatment and health care purposes as permitted by HIPAA. For processing activities falling outside these categories, it may be necessary to create de-identified data sets for processing.

This article presents the general parameters under which covered entities may use AI to process PHI under HIPAA. For processing activities falling outside these general parameters, this article generally explains the process by which PHI may be de-identified under HIPAA for such uses.

WHAT IS PHI, COVERED ENTITY AND BUSINESS ASSOCIATE?

Under HIPAA, individually identifiable health information4 or PHI5 includes demographic data tied to an individual’s past, present or future physical or mental health, health care services received or payment related to health care services that either identify an

Statements or opinions expressed in the Oklahoma Bar Journal are those of the authors and do not necessarily reflect those of the Oklahoma Bar Association, its officers, Board of Governors, Board of Editors or staff.