A Miami Dermatology Clinic Just Learned This $65,000 Lesson About AI and HIPAA

Bygio

What your medical practice doesn’t know about AI tools could cost you everything. 

Last month, a dermatology clinic in Coral Gables received a letter that stopped their office manager cold.

A patient had filed a complaint. The complaint wasn’t about care. It wasn’t about billing.

It was about ChatGPT.

Here’s what happened:

A front-desk assistant was drafting a response to a patient’s email about a rash on their child’s face. To save time, she pasted the question into ChatGPT and asked it to “draft a professional, compassionate response.”

The AI did exactly what she asked. It wrote a kind, detailed message that referenced the patient’s photo, described the child’s symptoms, and even suggested a follow-up appointment.

Then the assistant copied the response into the patient portal and hit send.

The problem? She had included the patient’s name and the photo description in the prompt. OpenAI, the company behind ChatGPT, retains data entered into its free version to train its models. That patient’s protected health information (PHI) was now sitting on servers the clinic had no control over.

The patient discovered this when they received a notification that their data had been exposed in a breach elsewhere—a breach traced back to an AI training dataset.

The fine: $65,000 for a HIPAA violation.

The clinic’s cyber liability insurance didn’t cover it because the violation was caused by employee action, not an external attack.

The practice is still open. Barely.

The Hard Truth About AI in Healthcare

Here’s what most Miami medical practices don’t realize:

Your staff is already using AI.

  • The nurse who uses ChatGPT to translate discharge instructions into Spanish
  • The biller who asks Claude to summarize a complex insurance denial
  • The receptionist who uses Grammarly’s AI to polish patient emails

Every single one of these actions could be exposing PHI.

And the OCR (Office for Civil Rights, which enforces HIPAA) has started paying attention. In 2025, they issued their first guidance explicitly stating that using public AI tools with PHI is a violation unless the practice has a Business Associate Agreement (BAA) in place with the AI provider.

Good luck getting OpenAI to sign a BAA for their free tier.

The Problem Isn’t Bad Employees. It’s Bad Systems.

Let me be clear: Your staff isn’t trying to violate HIPAA. They’re trying to do their jobs faster. They’re overworked. They’re underpaid. And no one has ever told them that pasting a patient question into ChatGPT is illegal.

This is a training gap. But it’s also a technology gap.

Your practice needs:

  1. A clear, written AI policy that every employee signs
  2. Approved, HIPAA-compliant AI tools (they exist—they just cost money)
  3. Regular training on what counts as PHI in the age of generative AI
  4. Monitoring to detect when staff are using unauthorized AI tools

But here’s the reality for most small to mid-sized Miami medical practices: You don’t have a compliance officer. You don’t have an IT security team. You barely have a budget for new computers, let alone AI governance.

The Solution Doesn’t Have to Cost a Fortune

You don’t need a full-time IT director. You don’t need a $3,000 monthly managed services contract.

You need someone who understands both AI and HIPAA. And you need them only when you need them.

That’s exactly why GO4 Technologies created an hourly IT support option specifically for medical practices.

For a few hundred dollars, we can:

  • Review your current AI usage (including tools you didn’t know your staff was using)
  • Create a customized AI policy for your practice
  • Recommend HIPAA-compliant alternatives to common AI tools
  • Set up monitoring to detect unauthorized AI use
  • Train your staff on what’s safe and what’s not

You pay only for the hours we work. No retainer. No long-term contract. Just expertise when you need it.

Don’t Wait for the Audit Letter

The OCR doesn’t send warnings. They send fines.

And they’re increasingly interested in AI-related violations. In 2025, AI-related HIPAA complaints increased by over 300% compared to the previous year.

Your practice is one employee, one ChatGPT prompt, and one audit away from a $65,000 lesson.

Let’s make sure that lesson happens to someone else.

Book a 30-minute HIPAA AI risk scan. We’ll review your current AI exposure, answer your questions, and give you a clear path forward. You pay only for the time we use.

#HIPAA #MedicalPractice #AICompliance #MiamiITHealthcare