Private AI for medical practices is no longer a future idea — it's the only way to give doctors AI that's actually allowed to touch patient data. Two out of every three doctors are now using AI in their practice, and most are doing it with ChatGPT, Claude, or Google Gemini — tools that were never built for patient information and that will not sign the HIPAA agreements a medical practice needs. The safe alternative is a free open-source toolkit called OpenMed, already downloaded 29.7 million times by researchers and developers since its July 2025 release, and quietly becoming the default for HIPAA-conscious clinics.
According to the HIPAA Journal, physician AI use jumped from 38% in 2023 to 66% in 2025. Most of it runs through tools that, technically, are not allowed to handle patient information at all — the free version of ChatGPT, the Claude consumer app, Google Gemini. Every time a clinician pastes a consult note into one of these tools, the practice is, on paper, in breach. The fix is not to ban AI. Doctors love AI for the same reason their patients do — it saves time, and a lot of it. The fix is to give them an AI tool that does the useful work without ever sending patient information outside the building.
This guide explains, in plain English, what private AI for medical practices actually is, how OpenMed works, when it beats ChatGPT (and when it doesn't), what it costs, and how to get started. No jargon. No marketing fluff. If you've ever wondered whether there's a safer alternative to letting your team paste patient notes into ChatGPT, this is the answer.
| What the numbers say | Verified figure |
|---|---|
| Doctors now using AI in their practice (2025) | 66% — up from 38% in 2023 |
| Healthcare orgs using domain-specific AI tools (2026) | 22% — a 7× jump since 2024 (Menlo Ventures) |
| Microsoft Dragon Copilot clinician users (May 2026) | 200,000+ across 400+ healthcare organisations |
| Mayo Clinic AI investment commitment | $1+ billion across 200+ active projects |
| OpenMed downloads in first 10 months | 29.7 million |
| Free medical AI models in the OpenMed catalogue | 380+ (Apache 2.0 — free forever) |
| Average cost of a US healthcare data breach | $7.42 million (IBM 2024) |
| Maximum HIPAA fine per year for serious neglect | $2.1 million |
Why Are Doctors Worried About ChatGPT and Patient Data?
Because the most popular AI tools in the world were not built for medicine — and the people who run them know it.
When a doctor types or pastes anything into the free version of ChatGPT, that text travels to OpenAI's servers, gets processed, and may be stored. OpenAI is upfront about this. They won't sign a HIPAA Business Associate Agreement (BAA) for their free or Plus tiers — which means a practice using those tools with patient data is, strictly, disclosing protected health information to a third party who has not agreed to safeguard it. Same story with Claude's consumer app and the free Gemini.
OpenAI launched ChatGPT for Healthcare in January 2026 — a paid enterprise product that does sign a BAA, used by AdventHealth, Baylor Scott & White, Boston Children's, and Cedars-Sinai. Anthropic launched Claude for Healthcare at the same conference. Google's MedLM and Med-Gemini are available on Vertex AI. Microsoft's Dragon Copilot is already in production at 400+ healthcare organisations. All of them are real products. None of them change the underlying fact that the data still leaves your practice and travels to the vendor's servers. For practices in oncology, mental health, paediatrics, or any setting where a single patient privacy incident would cost six figures, that is a category of risk worth removing entirely.
Three numbers explain why regulators are paying closer attention now than ever:
- $7.42 million — the average cost of a US healthcare data breach, the highest of any industry tracked by IBM for 14 years running.
- $2.1 million per year — the cap on HIPAA fines for what the law calls willful neglect. Most real-world settlements land in the $500,000 to $3 million range for breaches affecting thousands of patient records.
- 192.7 million patients — the number of people whose records were exposed in the Change Healthcare ransomware breach in 2024 alone. That year was the worst on record for medical record exposure and put every US practice on the regulators' radar.
Even outside the US, the picture is the same. UK and EU practices face equivalent rules under GDPR — the principles we cover in our AI Compliance Agent Guide for the UK apply on both sides of the Atlantic.
What Is Private AI for Medical Practices?
Private AI means AI that runs on a computer inside your practice, not on a tech company's servers. When you ask it a question or hand it a note, the AI reads the text, does its work, and replies — all without anything leaving the building. The text is never seen by OpenAI, Google, Anthropic, or anyone else.
Think of it as the difference between using a shared photocopier at the library versus owning your own. The library copier is free, fast, and someone else maintains it — but everything you copy passes through a machine that other people also use, owned by an outside organisation. Your own copier in your back office costs more upfront, but nothing you copy ever leaves your premises. For sensitive documents, the difference matters.
This is the same idea behind self-hosted AI versus cloud AI APIs more broadly — but for medical practices the calculation is sharper, because the rules around patient data are stricter and the penalties bigger.
What Is OpenMed and Why Is Everyone Talking About It?
OpenMed is a free, open-source toolkit specifically built for medical AI work, released in July 2025 by Maziyar Panahi, who leads the team behind one of the most-used open medical text tools in the world (Spark NLP at John Snow Labs). In under 12 months, OpenMed has been downloaded 29.7 million times from HuggingFace and has 1.2k stars on GitHub.
It isn't a chatbot. It doesn't pretend to be ChatGPT. What it does is the unglamorous, useful work that a practice actually needs an AI to do:
- Pull drug names and dosages out of consult notes
- Spot conditions, symptoms, and diagnoses in free text
- Identify and remove patient identifiers (names, dates, addresses, etc.) so notes can be safely shared or analysed
- Tag body parts in radiology and surgical notes
- Pick out gene and protein names for oncology and research work
- Convert messy clinical text into structured data your EHR can use
And the entire thing is licensed under Apache 2.0 — meaning it's free to use, forever, without ongoing fees, without anyone able to take it away or change the terms later.
Is OpenMed Actually Any Good?
The team behind OpenMed published their research (you can read it on arXiv) showing that the OpenMed models score higher than the previous best results on industry-standard medical text tests. The headline numbers:
- Accuracy scores up to 0.998 across 13 industry benchmarks (where 1.0 is perfect)
- Best-in-class results on 10 of 12 tests measured
- 2.7 points higher than the previous best on disease detection
- 5.3 points higher on gene detection
- Almost 10 points higher on clinical cell line identification
Those numbers are independently reproducible. The training data, the testing methods, and the results are all publicly documented. A compliance officer or IT consultant can verify everything.
What About OpenAI, Anthropic, Google and Microsoft? The 2026 Big-Tech Healthcare AI Landscape
It's a fair question. Every major AI company now has a healthcare offering — and most of them launched within a few weeks of each other in January 2026 at the J.P. Morgan Healthcare Conference. Here's the honest state of play, straight from each vendor's own announcements:
- OpenAI for Healthcare — OpenAI officially launched ChatGPT for Healthcare in January 2026, powered by GPT-5 with doctor-led testing. They will sign a Business Associate Agreement and customers include AdventHealth, Baylor Scott & White Health, Boston Children's Hospital, and Cedars-Sinai Medical Center. (Fierce Healthcare)
- Anthropic Claude for Healthcare — announced at JPM26, built on top of Claude for Life Sciences (launched October 2025). Available with a BAA through AWS Bedrock, Google Cloud, and Microsoft Azure. Native integrations with the CMS Coverage Database, ICD-10, and PubMed. Banner Health (a 33-hospital system in Phoenix) rolled out a private Claude-based assistant called BannerWise to 55,000+ employees in late 2025.
- Google MedLM and Med-Gemini — Google's family of medical AI models on the Vertex AI platform, fine-tuned on de-identified medical data. Customers already include HCA Healthcare, Highmark Health, MEDITECH, and Oscar Health. Med-Gemini is still largely available through research partnerships rather than as an off-the-shelf product. (Google Cloud announcements)
- Microsoft Dragon Copilot (formerly Nuance DAX Copilot) — by far the biggest in actual production use. 200,000+ clinicians across 400+ healthcare organisations as of 2026, with clinicians saving an average of 5+ minutes per patient encounter and 77% reporting better documentation quality. (Becker's Hospital Review)
- The biggest single rollout — Kaiser Permanente deployed Abridge's ambient documentation AI across 40 hospitals and 600+ medical offices — described as the largest generative AI rollout in healthcare history. (Fierce Healthcare)
Here's the catch — and it's the reason private AI for medical practices like OpenMed continues to grow despite all this big-tech activity:
| Big tech healthcare AI option | Does patient data leave your practice? | BAA available? | Practice owns the system? |
|---|---|---|---|
| OpenAI — ChatGPT for Healthcare | Yes — to OpenAI | Yes | No |
| Anthropic — Claude for Healthcare | Yes — to Anthropic / AWS / Azure / GCP | Yes | No |
| Google — MedLM / Med-Gemini | Yes — to Google Cloud | Yes | No |
| Microsoft — Dragon Copilot | Yes — to Microsoft Azure | Yes | No |
| OpenMed (private, in-house) | No | N/A — no third party | Yes — Apache 2.0 forever |
Every big-tech healthcare AI in 2026 is, structurally, cloud AI with a compliance contract. They will sign the BAA — but the data still travels to their servers. That's a legally valid arrangement, and for many practices it's enough. For practices in oncology, mental health, paediatrics, or any setting where one patient privacy incident would cost six figures in fines plus reputational damage, keeping the data inside the building remains the only architecturally safe answer. OpenMed exists for exactly that requirement.
It's also worth noting what the largest healthcare AI buyers are signalling. Mayo Clinic is investing over $1 billion in AI across more than 200 projects (Mayo Clinic Innovation Exchange). Epic is shipping 150+ AI features in 2026 (Becker's). The biggest hospital systems are not picking a single vendor — they're running multiple AI tools in parallel, layered to fit different risk profiles. Private AI sits at the bottom of that stack for the data they cannot send anywhere.
How Is OpenMed Different From ChatGPT?
The honest answer: they're built for different things. ChatGPT is a general-purpose AI made for writing, brainstorming, summarising, and chatting. OpenMed is a specialist medical AI that does the structured extraction work practices actually need. Most successful private medical AI setups use both — but only the OpenMed half touches the patient information.
Here's how they compare on the dimensions that actually matter to a practice owner:
| What matters to your practice | OpenMed (private, in-house) | Big tech healthcare AI (OpenAI / Anthropic / Google / Microsoft) |
|---|---|---|
| Does patient data leave your building? | No | Yes — sent to the vendor's servers |
| Do you need a signed BAA every year? | No — there's no third party | Yes — one per vendor used |
| Cost as you use it more? | Just the one-off hardware | Pay-per-use or per-seat — grows with usage |
| Trained specifically on medical text? | Yes — on real biomedical research | Mixed: MedLM and Med-Gemini are; Claude/ChatGPT are general-purpose |
| Who controls the audit logs? | You do | The vendor does (with limited export options) |
| Can the vendor change the terms later? | No — Apache 2.0 means you own it forever | Yes — vendor terms have changed before |
| Can you customise it for your practice? | Yes — fully | Surface level only |
| How long until it's working in your practice? | 4–6 weeks with a setup partner | 1–2 weeks for ChatGPT/Claude/Dragon Copilot access |
For a deeper look at the underlying decision — building your own AI tools versus paying for someone else's — see our guide on custom AI versus off-the-shelf.
What Can You Actually Do with OpenMed in a Medical Practice?
OpenMed shines on the medical work that's both most tedious for humans and most risky to outsource to ChatGPT. Here are the most common practice use cases:
1. Automatic patient identifier removal
The single most useful thing OpenMed does. Before any clinical text gets touched by any other system — even another AI on the same computer — OpenMed strips out the 18 categories of identifiers HIPAA defines (names, dates of birth, addresses, phone numbers, medical record numbers, and so on). This means the rest of your workflow operates on safe, anonymised text. Even if something goes wrong downstream, there's no patient information to leak.
2. Consult note structuring
A typical doctor's dictated note is unstructured paragraphs. OpenMed reads it and extracts: which conditions are mentioned, which drugs and at what doses, which body parts, which procedures. The result drops into the patient's chart as structured data your EHR can search, sort, and report on — saving the front-desk staff hours they currently spend retyping.
3. Medication safety checks
Because OpenMed reliably extracts drug names and dosages from consult notes, you can wire it into a basic safety check — flagging drug-drug interactions, dosing outliers, or duplicate prescriptions before a referral letter goes out. Not a replacement for clinical judgment, but a fast second pair of eyes.
4. Referral letter and patient communication preparation
Paired with a separate general-purpose AI (also running privately on the same in-house server), OpenMed handles the medical structuring while the general AI handles the writing. The doctor dictates a referral; the system structures the medical content using OpenMed and drafts the letter using the writing AI. The doctor approves. Total time: under two minutes, with patient data never leaving the building.
5. Research and audit support
OpenMed makes it practical to ask questions across years of de-identified consult notes — "how many patients with condition X presented with symptom Y?" — without ever exposing individual patients. This is the kind of work that previously required either expensive medical analytics software or specialist consultants.
6. Translation of patient handouts
OpenMed supports patient identifier removal across 12 languages (English, French, German, Italian, Spanish, Dutch, Portuguese, Arabic, Hindi, Telugu, Japanese, Turkish). For multilingual practices, this means the same private workflow handles patient materials in whatever language is needed.
The principle behind all of these is the one we describe in our AI System Architecture Essential Guide: AI suggests, human decides. OpenMed never auto-publishes anything to a patient record. A clinician always reviews and approves first.
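The guarantee in use case 1 holds only if the de-identifier misses nothing, so an independent check belongs between it and everything downstream. The following is an added example, not OpenMed code and not part of the original article: a fail-closed release gate in Python that re-scans de-identified text for shape-based identifiers and for values already known from the patient's chart. The patterns, sample notes, and all function names are constructed for illustration.

```python
import re

# Shape-based patterns, constructed for this example (US formats only).
# Names and free-text addresses have no fixed shape; they are covered here
# only through the known-values check below.
SHAPES = {
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "PHONE": re.compile(
        r"(?<!\d)(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?!\d)"
    ),
    "DATE": re.compile(r"\b(?:\d{1,2}[/-]\d{1,2}[/-]\d{2,4}|\d{4}-\d{2}-\d{2})\b"),
    "MRN": re.compile(r"\bMRN[:#\s]*\d{5,10}\b", re.IGNORECASE),
}


class ResidualPHIError(Exception):
    """Raised when de-identified text still contains an identifier."""

    def __init__(self, findings):
        self.findings = findings
        # Report kind and character span only. The matched value is never
        # echoed, and it is not hashed either: phone numbers and dates are
        # low-entropy, so a hash of one can be brute-forced.
        detail = ", ".join(f"{kind}@{start}-{end}" for kind, start, end in findings)
        super().__init__(f"release blocked: {detail}")


def residual_identifiers(text, known_values):
    """Return (kind, start, end) for every identifier still present in text.

    known_values maps a label to a value taken from the patient's chart
    (surname, MRN, ...), so the check does not rely on shape alone.
    """
    findings = []
    for kind, pattern in SHAPES.items():
        findings += [(kind, m.start(), m.end()) for m in pattern.finditer(text)]
    for label, value in known_values.items():
        parts = [re.escape(p) for p in value.split()]
        if not parts:
            continue
        # Tolerate case and spacing differences between chart and note.
        pattern = re.compile(r"\s+".join(parts), re.IGNORECASE)
        findings += [(label, m.start(), m.end()) for m in pattern.finditer(text)]
    return sorted(findings, key=lambda f: f[1])


def release(deidentified, known_values):
    """Return the text unchanged if it is clean; otherwise refuse to release it."""
    findings = residual_identifiers(deidentified, known_values)
    if findings:
        raise ResidualPHIError(findings)
    return deidentified


# Constructed sample data: output of an upstream de-identifier.
KNOWN = {"PATIENT_SURNAME": "Okafor", "MRN": "00482913"}
CLEAN = "[NAME] seen on [DATE]. Metformin 500 mg twice daily, review in 3 months."
LEAKY = ("[NAME] seen on [DATE]. Mrs OKAFOR to call 555-010-4477 with glucose "
         "readings. Metformin 500 mg twice daily.")

if __name__ == "__main__":
    print(release(CLEAN, KNOWN))
    try:
        release(LEAKY, KNOWN)
    except ResidualPHIError as exc:
        print(exc)
```

A blocked note should go to a human review queue rather than be retried automatically, which matches the review-before-publish principle described above.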
What Does It Cost to Set Up Private AI in a Medical Practice?
The software itself — OpenMed — is free. Forever. The cost is the setup work and the hardware. Here's an honest breakdown:
Hardware (one-off)
- Small practice (1–10 doctors): £3,000–£8,000 / $4,000–$10,000. A single high-spec workstation handles the workload comfortably. If your practice is on Macs, a Mac Studio works using Apple's built-in AI acceleration.
- Mid-size practice (10–40 doctors, single site): £6,000–£15,000 / $8,000–$18,000. One mid-spec server with a backup machine.
- Multi-site practice (40+ doctors, multiple clinics): £12,000–£30,000 / $15,000–$36,000. Primary server plus failover at the second-largest site.
Setup and integration (one-off, with a partner)
- Pilot for a single clinic (4–6 weeks): £8,000–£18,000 / $10,000–$22,000. Server setup, picking the right OpenMed models for your practice, basic connection to your patient records system, and getting your team comfortable using it.
- Full multi-site rollout (8–12 weeks): £18,000–£42,000 / $22,000–$52,000. Everything above plus full audit trail, deeper EHR integration, iPad app for doctors, and AI tuned to your practice's own vocabulary.
- Larger health network (12+ weeks): £42,000+ / $52,000+. Multi-region setup, automated model updates, governance dashboards.
Ongoing costs
- Software: £0. Forever.
- Hardware maintenance: roughly £500/year for the small practice tier.
- Optional managed support: £400–£1,500/month if you'd rather we keep it running for you.
Compare that to ChatGPT Enterprise: at typical practice usage, the per-user pricing alone runs £25–£60/user/month, plus per-token API charges if you build anything on top. For a 40-doctor practice, you're looking at roughly £12,000–£28,000 per year, every year, with the bill rising as you use it more. After year two, private AI is almost always cheaper, and after year three the gap becomes large.
We dig deeper into this trade-off in our self-hosted AI vs cloud APIs guide.
How Do You Get Started with Private AI in Your Practice?
There are three realistic paths, depending on how technical your practice is and how much you want to handle internally.
Option 1 — DIY (small practices with a technical team member)
If you have someone in the practice who's already comfortable with servers, Linux, or Mac development, OpenMed itself can be installed and running in a single afternoon. The OpenMed GitHub repository has clear documentation. What takes longer is the part that connects it to your EHR, sets up clinician workflows, and gets the team comfortable — usually a few weeks of part-time work for the right person.
This route works for single-physician practices where the doctor is technical themselves, or larger practices with an in-house IT team. It does not work if "our IT person" is the same person who maintains the office Wi-Fi.
Option 2 — Hire a specialist firm for setup, then run it yourself
This is the most common path. A specialist firm like ours handles the four to six weeks of setup work — choosing the right models, installing the server, connecting to your patient records, training your team — and then hands you the running system with documentation. After that, your practice operates and maintains it. We stay available for major issues but the day-to-day is yours.
Best for: practices that want to own the system long-term and have some technical capacity (an office manager who's comfortable with software updates is enough).
Option 3 — Fully managed service
You get the same setup, but we keep running it for you on an ongoing basis. Updates, monitoring, model refreshes, troubleshooting — all handled. Your practice never has to think about the AI side beyond clinical use.
Best for: practices that want the productivity gains of private AI without taking on any technical responsibility internally.
The deployment principles we follow are the same ones in our AI Deployment Checklist — apply them whether you're DIY-ing or working with us.
Real Example: How One Medical Group Replaced ChatGPT in Five Weeks
The clearest answer to "does this actually work?" is to show it working. We recently deployed exactly this kind of setup for a private multi-site medical group — five clinics, around 40 doctors. They had the same problem most practices have: staff already using free ChatGPT for patient notes, compliance officer worried sick, no obvious alternative.
In five weeks they went from "doctors using ChatGPT with patient data" to "zero patient information leaves the building, ever." First-quarter results included full clinician adoption inside four weeks, sub-200ms response times, and a formal sign-off from the practice's compliance officer that moved "uncontrolled AI usage" from High to Low on the risk register.
The full walkthrough is in our OpenMed Private Medical AI Deployment Case Study — week by week, including the exact OpenMed models we deployed and how we connected it to their patient records system.
For practices that also want to address phone calls, we have a sister project: the HIPAA-compliant medical voice assistant case study shows the same private-AI principles applied to a clinic's phone system.
Frequently Asked Questions
Is OpenMed HIPAA compliant?
OpenMed itself is free open-source software, so it can't "be" HIPAA compliant on its own — that depends on how it's deployed. The key advantage is that OpenMed runs entirely inside your practice, so patient information never leaves the building. That removes the biggest HIPAA risk associated with AI use: sending data to outside companies like OpenAI or Google. You still need the normal HIPAA safeguards (locked rooms, access controls, staff training, audit trails), but the AI side stops being a worry.
Is private AI for medical practices realistic for a small practice?
Yes. We have deployed OpenMed-based setups for practices as small as a single physician. The hardware needed is one good workstation — roughly the cost of a high-spec desktop computer or Mac. For practices already on Apple equipment, OpenMed's Mac and iPad version (OpenMedKit) means patient data never even leaves the device. The "you need to be a hospital to do this" assumption is out of date.
Can private AI replace ChatGPT entirely for a medical practice?
Almost entirely, with the right setup. OpenMed handles the medical-specific work. For general writing tasks (referral letters, patient emails, internal documents), we typically pair OpenMed with a separate general-purpose AI that also runs privately on the same in-house server. The doctor gets ChatGPT-like writing help — and patient data still never leaves the building. The combined setup is what most of our medical clients now run.
How long does it actually take to set up private AI for a medical practice?
A typical pilot at a single clinic runs four to six weeks end-to-end: server installed, OpenMed configured, connected to your patient records, clinicians trained. A full multi-site rollout takes eight to twelve weeks. The longest single step is usually the EHR integration, which depends on which patient records system you use. Modern systems with FHIR support (most newer EHRs) are faster.
Will my doctors actually use private AI, or will they keep using ChatGPT in secret?
The honest answer is: it depends entirely on how easy you make it for them. If the private AI is slower, clunkier, or hidden behind a separate login, doctors will keep using ChatGPT. If it's built into their existing iPad workflow with a one-tap shortcut, adoption is fast. The five-clinic group in our case study saw doctor adoption exceed their internal target inside four weeks — because the setup was designed around the doctors' existing workflow, not around the IT team's preferences.
What happens if OpenMed stops being maintained?
Apache 2.0 protects you. Because OpenMed is open-source under a permissive licence, your practice owns the deployment forever. If OpenMed development stopped tomorrow, your existing installation would keep working indefinitely. You could continue using it, hire any developer to maintain or extend it, or fork it yourself. This is the structural advantage of free open-source software over commercial vendors — there is no "vendor lock-in" because there is no vendor.
Can private AI for a medical practice handle multilingual patients?
Yes. OpenMed supports patient identifier removal across 12 languages: English, French, German, Italian, Spanish, Dutch, Portuguese, Arabic, Hindi, Telugu, Japanese, and Turkish. For drafting patient communications in other languages, the general-purpose AI paired with OpenMed handles translation. Practices serving multilingual patient populations often see the strongest productivity gains, because translation work was previously one of the biggest non-clinical time drains.
How does private AI for medical practices compare to commercial medical AI platforms?
Three differences. First, cost — commercial medical AI platforms typically charge $30,000 to $150,000 per practice per year. Private AI with OpenMed is free software plus a one-off setup. Second, transparency — with commercial platforms, you can't see what the AI does or how it decides. OpenMed's models, training data, and benchmarks are all public, so your compliance officer can verify everything. Third, control — commercial platforms can change their pricing, terms, or feature set at any time. Your private OpenMed installation can't be taken away from you.
Want Help Setting This Up for Your Practice?
If your team is already pasting patient notes into ChatGPT — and most practices' staff are, whether the partners know it or not — telling them to stop doesn't work. Giving them a better tool that lives safely inside the practice does.
We handle the entire setup: server, OpenMed configuration, patient records integration, team training, and ongoing support if you want it. Pilots are live in four to six weeks.
For practices that want to see exactly what this looks like in production first, read our OpenMed Private Medical AI Deployment Case Study — the full week-by-week walkthrough.
Sources referenced: HIPAA Journal — Healthcare Workers and AI Tool Violations, HIPAA Journal — Is ChatGPT HIPAA Compliant, OpenAI for Healthcare announcement, Anthropic — Advancing Claude in Healthcare and Life Sciences, Google Cloud — Gen AI Healthcare Announcements, Becker's Hospital Review — 400+ orgs adopt Microsoft DAX Copilot, Becker's — What Epic is signaling for 2026, Mayo Clinic Innovation Exchange — Generative AI from Concept to Care, Fierce Healthcare — Kaiser Permanente x Abridge rollout, Menlo Ventures — 2025 The State of AI in Healthcare, OpenMed GitHub, OpenMed NER paper (arXiv:2508.01630), OpenMed on HuggingFace, IBM Cost of a Data Breach Report 2024.
ValueStreamAI builds custom agentic AI systems for SMBs and enterprises across the US and UK.
