For hospice, home health & palliative care
AI is already in your agency.
The policy isn't.
An AI governance pack for hospice, home health, and palliative care agencies. A written policy, a staff-use audit, a PHI-safe tool list, and a one-hour training. Roughly one week, start to finish.
From $1,800 · the Governance Pack is $3,500, about one week
The problem you can't see
Your staff are already using AI. Someone in the office is pasting a patient narrative into ChatGPT to clean it up. A nurse practitioner is summarizing visits with the free version of Claude. It is making their work faster, so it is spreading. Most of it is happening without a policy, without training, and without anyone tracking which tools touch patient information.
PHI leaves the building
The moment protected health information goes into a public AI tool, it is gone, out of your control, with no record of where it went.
No policy when someone asks
If it surfaces in an audit or a complaint, "we didn't have a policy for that" is not an answer you want to give a surveyor, an attorney, or a hospital-system compliance officer.
It is spreading quietly
Adoption is happening tool by tool, person by person, faster than anyone is tracking. For most agencies right now, this is the Wild West.
What you get
AI Use Policy
A written, agency-ready policy your staff can be held accountable to: what is appropriate, what is prohibited, what is compliant, what is not. The reference point you fall back on if an employee issue ever arises.
Staff-Use Audit
A structured survey of what AI tools your people actually use today and where they touch patient data. It produces evidence either way: confidence if you are clean, a map if you are not.
PHI-Safe Tool List
A vetted shortlist of AI tools with HIPAA protections and business associate agreements available, so you can stop trying to make sense of all the proposals in your inbox.
1-Hour Staff Training
A live session that gives your clinical and admin teams shared language: what AI can and cannot do safely, what counts as PHI risk, and what to ask before adopting a tool.
How the week works
Audit
A short survey and a few conversations to see what tools are already in use and where they touch patient information. You get a clear picture of where you actually stand.
Draft
I write the policy and assemble the PHI-safe tool list, shaped around how your team actually works rather than a generic template.
Train
A one-hour live session so the policy lands with the people who have to follow it. You finish the week with everything in hand.
Find the right fit
Every agency's exposure looks a little different. Most start with the Governance Pack. Smaller and larger agencies have a home too.
Essentials
For a single-site agency that wants the basics in place.
$1,800
one-time
- ✓ Written AI use policy
- ✓ PHI-safe tool shortlist
- ✓ A self-guided staff checklist
Governance Pack
For a small to mid-sized agency, one to three sites.
$3,500
one-time, about one week
- ✓ Everything in Essentials
- ✓ Live staff-use audit
- ✓ One-hour live staff training
Multi-Site
For multi-location agencies and larger systems.
$12,000
one-time, scoped to your footprint
- ✓ Everything in the Governance Pack
- ✓ Policy and audit across locations
- ✓ Role-based training and a 60-day follow-up
Your EMR is adding AI. That isn't governance.
Most EMRs are adding AI features now. Ambient charting, coding help, risk flags. They make documentation faster, which matters. But faster charting is not a policy. It is not an audit of what your staff use, a vetted tool list, or the documentation a surveyor would ask for. That part is still yours to handle.
And your EMR only sees what happens inside it. The harder problem is the tools your staff use on their own. One 2025 study put it at 71 percent of healthcare workers still using personal AI accounts for work. No one approved those, and no one is watching them. That is what this work is for, and it fits right alongside whatever your EMR is doing.
Who this is for
Hospice, home health, and palliative care agencies of any size.
Agencies in the middle of an EMR migration or a tech-buying freeze.
Administrators who suspect staff are using AI but have no policy in place.
Small and mid-sized agencies without an in-house compliance officer.
Questions administrators ask
Can my nurses use ChatGPT for visit notes?
Not the public version. Anything a nurse pastes into standard ChatGPT can include protected health information, and once it is in there it is out of your control. There are HIPAA-safe options with a business associate agreement in place, and the policy I write tells your staff which tools are allowed and which are not.
Do I need an AI policy if we're not officially using AI yet?
Yes, because officially and actually are usually different. Even without a rollout, staff adopt tools on their own to save time. A policy gives you something to point to before a problem shows up, not after.
Is ChatGPT HIPAA compliant?
The public version is not. It carries no business associate agreement, so putting patient information into it is a gap. Enterprise and healthcare-specific versions can be configured with the right protections, and the PHI-safe tool list covers which ones and how.
Do we need a business associate agreement for every AI tool that touches PHI?
If a tool processes protected health information on your behalf, a business associate agreement is the mechanism that makes that allowable under HIPAA. The tool list flags which vendors offer one so you are not guessing.
What would a surveyor ask about AI?
Likely whether you have a written policy, whether staff have been trained, and whether you can show which tools touch patient information. The governance pack is built so you can answer all three with a document, not a shrug.
We're mid-EMR-migration. Is now the wrong time?
Now is a good time. This is policy-and-people work that sits alongside a migration without competing with it. It commits you to nothing you would have to unwind later and orients your governance for whatever tools come next.
HIPAA-safe AI vs public ChatGPT
| HIPAA-safe AI | Public ChatGPT | |
|---|---|---|
| Business associate agreement | Available | None |
| Where your data goes | Stays under agreement | Out of your control |
| Record of what was shared | Yes | None |
| Safe for patient information | With the right setup | No |
Who's behind this
BCL Consulting is AI advisory for clinical care organizations, founded by Brooke Lemchak. She is a PhD clinician who has worked inside interdisciplinary care teams and understands why the documentation burden falls where it does. That is the lens she brings to AI governance: practical, grounded in how clinical work actually happens, and written for the people who have to live with the policy.
Let's talk it through
If any of this sounds like your agency, send a note. Every agency's exposure looks a little different, and I'm happy to talk it through and see whether the governance pack is a fit.