Every AI tool looks good in a demo. The interface is clean, the answers are fast, and the salesperson has an answer for everything. The hard part is knowing whether it will actually hold up in your clinic, with your patients and your data.
These five questions cut through the pitch. Ask them of any vendor before you commit.
1. Will you sign a Business Associate Agreement?
This is the first question, and if the answer is no, the conversation is over. A BAA is the legal contract that makes the vendor responsible for protecting your patients' health information. Without one, that tool should never touch patient data, no matter how good it is.
A good answer: yes, a BAA is included on every plan, not just enterprise. If a vendor hesitates, treats it as an upsell, or cannot explain it clearly, that tells you everything.
2. Is my patient data used to train your AI models?
Many AI tools improve their models using the data people submit. In healthcare, that is unacceptable. Your patients' information should never become training material for someone else's model.
A good answer: no, your data is never used to train, fine-tune, or improve any AI model, and it is guaranteed contractually. Vague answers like “we take privacy seriously” are not answers.
3. What happens when the AI does not know?
This one separates serious healthcare tools from repurposed chatbots. Patients ask clinical questions. A responsible AI recognizes when something needs human judgment and hands it to your team, rather than guessing.
A good answer: anything requiring clinical judgment escalates to your staff automatically, and the AI never makes a medical decision. If the vendor cannot describe their escalation path, that is a serious gap.
4. Can it be set up around how my clinic actually works?
Every practice is different. A tool that forces your team to change their workflow to fit the software creates friction that quietly kills adoption. Your protocols, your specialty, your terminology, and your process should all fit inside it.
A good answer: the tool can be configured to your specialty, protocols, forms, and workflows, and someone helps you set it up rather than handing you a login and wishing you luck.
5. What does support and onboarding actually look like?
Software does not implement itself. Ask specifically who sets it up, how long it takes, what happens when something breaks, and whether you get a real person or a help article.
A good answer: a clear onboarding process with real hands-on help, and a path to reach someone when you need them. Be wary of “it's very intuitive” as a substitute for support.
A few red flags
- Compliance claims the vendor cannot document or explain
- Vague answers about how your data is used
- No clear escalation path for clinical questions
- A rigid product that expects you to adapt to it
- Pressure to sign before your questions are answered
The bottom line
Good AI vendors welcome these questions, because they have real answers. If a vendor gets defensive or vague on any of the five, that is your signal. The tool might be impressive, but impressive is not the same as safe, and your patients' trust is not worth the risk.
Learn what makes an AI agent HIPAA-compliant · See how A2V2 handles security · Book a demo
This article is educational and not legal advice. For specific compliance questions, consult a qualified professional.



