| What the numbers say | Verified figure |
|---|---|
| Free medical AI models available | 380+ (free to use forever) |
| Total downloads since July 2025 | 29.7 million |
| Accuracy on industry medical text tests | Up to 99.8% (best-in-class on 10 of 12 tests) |
| Microsoft Dragon Copilot clinician users (2026) | 200,000+ across 400+ healthcare organisations |
| Mayo Clinic AI investment | $1+ billion across 200+ projects |
| Average cost of a US healthcare data breach | $7.42 million (IBM) |
| Maximum HIPAA fine per year for serious neglect | $2.1 million |

A private multi-site medical group came to us with a question we hear constantly from doctors right now: "Our staff are already pasting patient notes into ChatGPT. How do we give them AI that actually helps, without ending up in a HIPAA investigation?"
That question is more common than most practice owners realise. Two out of every three doctors are now using AI in their practice — up from just over one in three two years ago (HIPAA Journal). And most of them are using tools that, technically speaking, aren't allowed to handle patient information at all — the free version of ChatGPT, the Claude app on their phone, Google Gemini. Every patient note that gets pasted into one of those is, on paper, a HIPAA breach waiting to be discovered.
Banning AI isn't the answer. Doctors love AI for the same reason their patients do — it saves time. The answer is private AI for medical practices — AI that simply doesn't send patient information anywhere because it lives on a server inside the practice. That's what we built, using a free open-source medical AI toolkit called OpenMed, released in July 2025 and now downloaded 29.7 million times by researchers and developers around the world.
This case study explains how we put it together, why it was a better fit than "just buying ChatGPT Enterprise," and what the same approach can do for any practice trying to figure out private AI versus cloud AI.
What Makes OpenMed Different From ChatGPT for Medical Use?
OpenMed isn't another chatbot. It's a purpose-built medical AI toolkit that does the unglamorous work a practice actually needs — pulling drug names, conditions, and patient identifiers out of consult notes, then stripping anything that could identify a patient before that text touches anything else.
The single most important difference: OpenMed runs on a server inside your practice. Patient information never leaves the building.
When a doctor pastes a note into ChatGPT, that note travels to OpenAI's servers in another country. Even with ChatGPT for Healthcare (the enterprise version OpenAI launched in January 2026 with a Business Associate Agreement), the data still goes outside. OpenMed avoids the whole category of risk by never sending anything out in the first place.
It's the difference between "compliant if you sign the right paperwork and trust the vendor" and "the question doesn't come up because nothing leaves your office." For most of the doctors we work with, the second is the only one that lets them sleep.
Why They Called Us: Doctors Were Already Using ChatGPT with Patient Notes
The group runs five clinics with around 40 doctors and 80 support staff. Their internal audit turned up something the compliance officer had been worried about for months — doctors were quietly using free ChatGPT to summarise consult notes, draft referral letters, and translate patient handouts. No-one had told them to stop. No-one had given them a safer alternative.
Three numbers explain why the leadership team treated this as urgent:
- $7.42 million — what the average healthcare data breach costs in the US, according to IBM's annual breach cost report. Healthcare has been the most expensive industry for breaches 14 years in a row.
- $2.1 million per year — the maximum HIPAA fine for serious neglect, with most actual settlements landing between $500,000 and $3 million for breaches affecting thousands of patients (HIPAA Journal).
- 192.7 million patients — the number of people affected by the Change Healthcare breach in 2024 alone. That made 2024 the worst year on record for exposed medical records and put every US practice on the regulators' radar.
The brief from the medical director was clear: doctors keep the productivity they were getting from AI, patient information stops leaving the building, and nobody has to log into yet another system. We had solved a similar version of this for a London clinic that needed a HIPAA-compliant phone assistant — but this time the AI needed to live inside the doctors' workflow, not on the phone.
Why We Picked OpenMed (and Not ChatGPT Enterprise)
We looked at four options before committing. Here's how they stacked up:
| Option | Does patient data leave the practice? | How long to get running? | How accurate is it for medical text? | What does it cost ongoing? |
|---|---|---|---|---|
| ChatGPT Enterprise (with BAA) | Yes — sent to OpenAI | About 2 weeks | High for general writing, not trained on medical | High — pay per use, grows with volume |
| Build a custom AI from scratch | No — stays in-house | 3–4 months | Hard to predict, expensive to keep tuning | Just hardware after build |
| Commercial medical AI service | Yes — sent to vendor | 4–6 weeks | Hidden — you can't inspect it | Expensive yearly licence |
| OpenMed + our integration | No — stays in-house | 5 weeks | Top-rated on 10 of 12 industry benchmark tests | Just hardware — software is free forever |

OpenMed won on three things at once: it's already trained on medical text (no need to wait months for tuning), it's completely free to use forever, and the doctors could be using it inside six weeks. We walk through this same trade-off in Custom AI vs. Off-the-Shelf.
The accuracy isn't a marketing claim. The team behind OpenMed published their research (arXiv 2508.01630) showing the models score higher than the previous best results on industry-standard medical text tests — 2.7 points higher on disease detection, 5.3 points higher on gene detection, and 9.7 points higher on clinical cell line tests. These numbers are independently reproducible. We checked.
How We Set It Up (In Plain English)
We delivered the whole thing in five weeks. Here's what that looked like, without the jargon.
Week 1 — We put a server inside the practice
One computer, installed in the group's main site, with a backup at the second-largest site. Powerful enough to run the AI, small enough to fit on a shelf in the IT closet. Nothing connects out to the internet for patient data — the only thing leaving the box is encrypted backups to the practice's existing storage. The same deployment discipline we cover in our AI Deployment Checklist.
Week 2 — We chose five OpenMed models for the practice
OpenMed has 380+ models. The group needed five:
- Patient-identifier remover — wipes names, dates of birth, phone numbers, addresses, and the other 14 HIPAA Safe Harbor categories from any text before it goes anywhere else.
- Condition reader — pulls out diagnoses and symptoms for chart structuring.
- Medication reader — pulls out drug names and dosages (this is OpenMed's most-downloaded model worldwide — 147,305 downloads).
- Body-part tagger — helps with radiology and surgical notes.
- Gene/protein tagger — used by the group's oncology team.
When the AI isn't confident enough about something, it doesn't guess — it flags the note for a clinician to look at. That principle of "AI suggests, human decides" is described in our AI System Architecture Essential Guide.
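
The "flag it rather than guess" rule described above, as an added example (not OpenMed's code and not the deployment's): detections below a cut-off hold the note for a clinician, and are still redacted in the meantime. The entity dicts are assumed to follow the aggregated output shape of the Hugging Face `transformers` token-classification pipeline; the label names, the 0.90 threshold, and the sample note are constructed for illustration.

```python
from dataclasses import dataclass

REVIEW_THRESHOLD = 0.90  # assumed cut-off; calibrate on the practice's own notes

@dataclass
class Result:
    redacted_text: str
    needs_review: bool
    low_confidence: list

def make_entity(text, value, label, score):
    """Build one constructed detection in the aggregated-pipeline dict shape."""
    start = text.index(value)
    return {"entity_group": label, "score": score,
            "start": start, "end": start + len(value)}

def merge_spans(entities):
    """Merge overlapping spans so no fragment of an identifier is left behind."""
    merged = []
    for ent in sorted(entities, key=lambda e: (e["start"], -e["end"])):
        if merged and ent["start"] < merged[-1]["end"]:
            last = merged[-1]
            last["end"] = max(last["end"], ent["end"])
            last["score"] = min(last["score"], ent["score"])  # weakest score wins
        else:
            merged.append(dict(ent))
    return merged

def deidentify(text, entities, threshold=REVIEW_THRESHOLD):
    """Redact every detected span; hold the note if any detection is uncertain."""
    spans = merge_spans(entities)
    parts, cursor = [], 0
    for span in spans:
        parts.append(text[cursor:span["start"]])
        parts.append(f"[{span['entity_group']}]")
        cursor = span["end"]
    parts.append(text[cursor:])
    low = [s for s in spans if s["score"] < threshold]
    # Fail closed: uncertain spans are still redacted, and the note is not released.
    return Result("".join(parts), bool(low), low)

# Constructed sample note and detections (not real patient data or model output).
NOTE = "Pt John Smith, DOB 03/14/1961, tel 555-0142, started metformin 500 mg."
DETECTIONS = [
    make_entity(NOTE, "John Smith", "NAME", 0.99),
    make_entity(NOTE, "Smith", "NAME", 0.97),       # overlaps the span above
    make_entity(NOTE, "03/14/1961", "DATE", 0.98),
    make_entity(NOTE, "555-0142", "PHONE", 0.71),   # below threshold
]

if __name__ == "__main__":
    result = deidentify(NOTE, DETECTIONS)
    print(result.redacted_text)
    print("hold for clinician review:", result.needs_review)
```

A score threshold only catches identifiers the model detected with low confidence; identifiers it missed entirely carry no score, which is why the clinician review step still matters.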
Weeks 3–4 — We connected it to the practice's patient records
The group's patient records system already supports the standard modern interface (FHIR) that most modern EHRs use. We wrote a small bridge that watches for new consult notes, runs them through OpenMed, and writes the structured result back into the patient chart — but only after a clinician approves it. Nothing reaches a patient record automatically. The medical director's non-negotiable.
Week 5 — We rolled it out to the doctors
The doctors already use iPads in consults. We added a shortcut: the doctor dictates a note, sees the conditions and medications appear highlighted in real time, and taps to accept or fix them. All of it runs on the iPad itself using Apple's built-in AI acceleration — meaning even the device-level processing stays on the device. Every interaction is logged automatically, so the practice has a full audit trail for HIPAA. Same compliance principles as our AI Compliance Agent Guide for the UK — they apply on both sides of the Atlantic.
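
The approval gate and audit trail described in Weeks 3–5, as an added example (not the deployment's code): extractions are held as proposals, only an identified clinician's approval writes to the chart, and each step is appended to a hash-chained log so later edits to past entries are detectable. The `Bridge` and `AuditLog` classes, the in-memory `chart` standing in for the EHR, and all identifiers are hypothetical.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" of the first entry

def entry_hash(body):  # SHA-256 over canonical JSON, without the hash field
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AuditLog:
    """Append-only log; each entry commits to the hash of the one before it."""
    def __init__(self):
        self.entries = []

    def append(self, actor, action, note_id):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        # Record identifiers only, never note text, so the log holds no PHI.
        body = {"seq": len(self.entries), "actor": actor,
                "action": action, "note_id": note_id, "prev": prev}
        self.entries.append({**body, "hash": entry_hash(body)})

    def verify(self):
        prev = GENESIS
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if entry["prev"] != prev or entry["hash"] != entry_hash(body):
                return False
            prev = entry["hash"]
        return True

class Bridge:
    """Holds extractions as proposals; only an approval writes to the chart."""
    def __init__(self, log):
        self.log = log
        self.pending = {}  # note_id -> extraction awaiting sign-off
        self.chart = {}    # stand-in for the EHR write-back target

    def propose(self, note_id, extraction):
        self.pending[note_id] = extraction
        self.log.append("bridge", "proposed", note_id)

    def approve(self, note_id, clinician_id):
        if not clinician_id:
            raise PermissionError("write-back needs an identified clinician")
        extraction = self.pending.pop(note_id)  # KeyError if never proposed
        self.log.append(clinician_id, "approved", note_id)
        self.chart[note_id] = extraction
        self.log.append("bridge", "written", note_id)

def demo():
    bridge = Bridge(AuditLog())  # constructed ids and data below
    bridge.propose("note-001", {"medications": ["metformin 500 mg"]})
    held = "note-001" not in bridge.chart  # nothing written before sign-off
    bridge.approve("note-001", "dr-0042")
    return bridge, held
```

A chain like this exposes edits to past entries only if the latest hash is also kept somewhere the server's administrators cannot rewrite, since anyone able to replace the whole log can recompute every hash.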
What Actually Happened in the First 90 Days
There are two ways to measure success here. One is what OpenMed itself can prove — published, externally verifiable. The other is what changed inside the practice.
What OpenMed delivers (published, independently verifiable)
- Accuracy scores up to 0.998 across 13 industry-standard medical text tests (0 to 1 scale — 1 is perfect)
- Best-in-class results on 10 of 12 tests it was measured against
- Almost 10 points better than the previous best on detecting clinical cell line names
- 29.7 million downloads by other researchers and developers since July 2025
- All 18 HIPAA Safe Harbor identifier categories automatically detected and removed
Sources: OpenMed NER paper (arXiv 2508.01630), OpenMed on HuggingFace.
What changed for the medical group (first 90 days)
- Zero patient information has been sent to any outside AI service since cutover
- Staff stopped using ChatGPT for patient notes — verified by the practice's IT monitoring
- Responses come back in under a fifth of a second — fast enough that doctors don't wait
- Doctors adopted it faster than expected — exceeded the practice's four-week internal target
- The compliance officer formally signed off — the practice's risk register moved "uncontrolled AI use" from High to Low
We have deliberately not published percentage-reduction figures the practice hasn't authorised. The numbers above are the ones we can stand behind.
OpenMed vs ChatGPT for Medical Practices — Side by Side
| What matters to a practice | OpenMed (in-house) | Big tech healthcare AI (OpenAI / Anthropic / Google / Microsoft) |
|---|---|---|
| Does patient data leave the building? | No | Yes — sent to the vendor's cloud |
| Do you need a signed compliance agreement (BAA)? | No — there's no third party | Yes, one per vendor |
| What does it cost as volume grows? | Just the one-off hardware | Pay-per-use or per-seat — grows as you use it more |
| Is it trained on medical text? | Yes — on real medical research | Mixed: MedLM/Med-Gemini yes; ChatGPT/Claude general-purpose |
| Who controls the audit logs? | You do | The vendor does |
| Can the vendor change the rules later? | No — software is free forever | Yes — terms have changed before |
| Can you customise it for your practice's wording? | Yes — fully | Only at the surface level |
| How long until it's running? | 4–6 weeks with our team | 1–2 weeks for ChatGPT/Claude/Dragon Copilot |

A fair word on ChatGPT for Healthcare, which launched in January 2026: it's a real, valid option for general writing tasks where a Business Associate Agreement is enough comfort. It doesn't make the data-leaving-the-building question go away — it just adds paperwork that makes it legally tolerable. For oncology, mental health, paediatrics, and any practice where a single patient privacy incident would cost six figures in fines and reputation, keeping the data in-house is the safer call.
What About Claude for Healthcare, Google MedLM, and Microsoft Dragon Copilot?
Every major AI company now has a healthcare offering — most launched within weeks of each other at the J.P. Morgan Healthcare Conference in January 2026. Here's where each one stands:
- OpenAI for Healthcare — ChatGPT for Healthcare, used by AdventHealth, Baylor Scott & White, Boston Children's, and Cedars-Sinai. BAA available.
- Anthropic Claude for Healthcare — runs on AWS Bedrock, Google Cloud, or Azure with BAA. Banner Health rolled out a private Claude assistant to 55,000+ employees in late 2025.
- Google MedLM and Med-Gemini — on Vertex AI, used by HCA Healthcare, Highmark Health, MEDITECH, and Oscar Health.
- Microsoft Dragon Copilot — by far the largest in production: 200,000+ clinicians across 400+ healthcare organisations in 2026. Clinicians save 5+ minutes per encounter; 77% report better documentation quality.
For the medical group in this case study, none of these solved the actual brief — "no patient information leaves the building." All four big-tech options are cloud AI with compliance paperwork. OpenMed is the only category of solution where the question disappears entirely. That's why the practice picked it, and that's why hospital systems like Kaiser Permanente — even after deploying Abridge across 40 hospitals and Mayo Clinic committing over $1 billion to AI projects — still run private, on-premise stacks alongside their big-tech contracts for the most sensitive workloads.
What Does It Cost?
OpenMed itself is free — and stays free. The cost is the setup work and the hardware. Here are our typical engagement sizes:
- Pilot for a single clinic (4–6 weeks): £8,000–£18,000 / $10,000–$22,000. One site, the three to five most relevant medical AI models, basic connection to your patient records, and getting your team comfortable using it.
- Full rollout for a multi-site practice (8–12 weeks): £18,000–£42,000 / $22,000–$52,000. All clinics covered, full audit trail, deeper integration with your patient records, iPad app for the doctors, and the AI tuned to your practice's own vocabulary.
- Larger health network or hospital (12+ weeks): £42,000+ / $52,000+. Multi-region setup, regular model updates, full governance and compliance dashboards.
Hardware is a separate one-off cost — usually £3,000–£20,000 depending on practice size. After that, there are no per-use fees and no annual licence to renew.
Frequently Asked Questions
Is OpenMed actually being used by real medical organisations?
Yes — widely. Since its July 2025 launch, OpenMed has been downloaded 29.7 million times by researchers and developers. Its most popular model, used for spotting drug names in medical text, has been downloaded over 147,000 times by itself. You can check the numbers on its public HuggingFace page at any time.
Can OpenMed really keep us HIPAA compliant?
OpenMed itself is software, not a service — so it can't "be" HIPAA compliant on its own. What it can do is take the biggest HIPAA risk off the table: sending patient information to an outside company. Because it runs entirely on a computer inside your practice, the question of who else sees the data simply doesn't come up. You still need normal HIPAA safeguards (locked rooms, access controls, staff training), but the AI side stops being a worry.
Does OpenMed work for a small practice with fewer than 10 doctors?
Yes. We have set up OpenMed for practices as small as one physician. The hardware needed is one good workstation — comparable in cost to a high-spec iMac or a desktop PC built for video editing. If your practice already runs on Macs, a Mac Studio handles it comfortably using Apple's built-in AI acceleration.
Can OpenMed write referral letters and patient emails like ChatGPT does?
Not on its own — and you wouldn't want it to. OpenMed is built for the structured part: pulling out medications, conditions, identifiers, that sort of thing. For drafting letters, most of our deployments pair OpenMed with a separate general writing AI that also runs on the same in-house server. The doctor gets both — and patient information still never leaves the building. We explain how this combination works in Self-Hosted AI LLMs vs Cloud APIs.
How much work is this for our practice once it's running?
Less than most practices expect. Updates come out roughly every couple of weeks and most practices apply them quarterly. The ongoing work is reviewing items the AI flagged as uncertain, occasional refreshers as the practice's vocabulary changes, and audit log checks — roughly one to two days per month for someone internal, or fully handled by us on a managed support agreement.
Why use free open-source software instead of paying a medical AI company?
Three reasons. First, you own it forever — no annual licence to renew, no vendor that can change the terms or get acquired. Second, you can see exactly what it does — every part of OpenMed is publicly documented, which makes the compliance officer's job a lot easier. Third, cost — commercial medical AI services typically charge $30,000 to $150,000 a year per practice. OpenMed itself costs nothing. You spend the money once on setup and hardware, and then the meter stops running.
Want the Same Setup for Your Practice?
Every week your team keeps pasting patient notes into ChatGPT is another week of risk you can't measure. Telling them to stop doesn't work. Giving them private AI for the practice — a better tool that lives safely inside the building — does.
We handle the whole setup for you — the hardware, choosing the right medical AI models, connecting it to your patient records, training your team, and (if you want) running it for you on an ongoing basis. Pilots are live in 4 to 6 weeks.
👉 Book a free 30-minute call to see if this fits your practice
Sources referenced in this case study: OpenMed GitHub, OpenMed NER paper (arXiv:2508.01630), HIPAA Journal — Is ChatGPT HIPAA Compliant, HIPAA Journal — Healthcare Workers and AI Tool Violations, OpenAI for Healthcare announcement, Anthropic — Healthcare and Life Sciences, Google Cloud — Gen AI Healthcare, Becker's Hospital Review — Microsoft DAX Copilot adoption, Mayo Clinic Innovation Exchange, Fierce Healthcare — Kaiser Permanente x Abridge, IBM Cost of a Data Breach Report 2024.
