The HIPAA-Safe AI Medical Billing Stack
For the last few months I've been digging into the regulatory and operational reality of building AI agents that touch US medical billing, claims, prior auth, coding, or patient payment handling. HIPAA's December 2024 Security Rule Final Rule. The BAA chain that has to be unbroken. The False Claims Act risk that scales with your throughput. State-by-state percentage-billing bans. The audit log everyone forgets until OCR shows up. This is a 12-page, dense, operator-grade guide for the person who has to actually ship the thing. Not the buyer. Not the investor. The operator. What's inside: - The 60-second bottom line on what's legally buildable in 2026 - HIPAA: TPO carve-out, the new Security Rule, Minimum Necessary, the "no such thing as a HIPAA-certified AI" myth - The BAA chain: every link, why most LLMs fail it, why your vector DB is a sub-processor - The False Claims Act: how liability scales, what "reckless disregard" means in 2026, the HITL defense - State landmines: NY and CA percentage-billing bans, Colorado SB 24-205, Medicaid enrollment - The audit trail: HIPAA requirements + the AI layer additions + retention rules - The 12-control operational stack that survives a DOJ inquiry - Pricing models that don't get you sued - Go-to-market sequencing - 5 common failure modes - Monday morning action list - Full source list (CFR sections, Federal Register, DOJ enforcement actions, AAPC, KFF) Personal use license. 12 pages. 2,610 words. PDF, instant download. If you're building, buying, or evaluating an AI medical billing agent in 2026, this is what I wish someone had handed me six months ago.
Get it → hermescruz.gumroad.com