If someone on your leadership team needs to see this, forward it their way.

In the span of 60 days, OpenAI, Anthropic, and Amazon all launched AI products aimed at fixing healthcare administration — the part that consumes 40 cents of every hospital dollar without touching a single patient. What makes this attempt different from the ones that failed isn't the technology. It's that all three built HIPAA compliance into the foundation first, before writing features on top. Google, Microsoft, and Amazon itself have all tried this before and walked away. The graveyard is full of brilliant ideas that underestimated the compliance layer. This time the compliance layer came first.

Think about the last time you went to the doctor.

You probably waited a few weeks for the appointment. When you got there, someone handed you a clipboard with five pages of forms asking for information you've given that same office before. You filled it out anyway because that's just how it works. Then you waited some more. By the time your doctor walked in, you had maybe twelve minutes together — if you were lucky.

Your doctor wasn't slacking on the other side of that door. They were documenting the last patient's visit. Or fighting with an insurance company over a prior authorization. Or catching up on billing codes. Physicians now spend nearly twice as much time on paperwork as on patients. The average wait for a new appointment is 31 days — up 19% in three years. A full 30% of patients give up and leave before they're ever seen.

Nobody designed it this way. It accumulated. Decades of digitization that moved the clipboard from paper to a screen without actually automating anything underneath. Prior authorization is still largely fax-based in 2026. Fax. The administrative layer now consumes 40% of everything US hospitals spend — not on medicine, not on equipment, not on staff. On paperwork.

That's the problem OpenAI, Anthropic, and Amazon all decided to go after. In the same 60 days.

This isn't the first time big tech has come for healthcare. Not even close.

Google Health launched in 2008 with the promise of giving patients control of their medical records. It shut down in 2011. Microsoft HealthVault ran for eleven years before closing in 2019. Amazon's Haven — the joint venture with JPMorgan and Berkshire Hathaway — folded after three years. Amazon tried again with Amazon Care. Also shut down.

The pattern in every case was the same. Brilliant engineers built something useful, then tried to retrofit it for a regulated environment. HIPAA isn't a box you check. It requires purpose-built encryption, audit trails for every data access event, Business Associate Agreements with every downstream vendor, breach notification protocols, and annual risk assessments. Healthcare data breaches cost an average of $10.93 million — the highest of any industry, fourteen years running. Hospital systems have seen enough compliance disasters to be deeply suspicious of any tech company that treats regulation as a feature to add later.

What's different this time is the sequence. OpenAI, Anthropic, and Amazon all built HIPAA eligibility into the architecture before they built anything else. Compliance teams hired before product teams shipped. Business Associate Agreements structured before hospital conversations started. The features came second.

That order of operations is the whole story. It's boring. It's unglamorous. And it's the only reason any of this has a real chance.

They're not competing for the same thing. Each is going after a different part of the same broken system.

OpenAI's ChatGPT Health is the consumer play. Connect your medical records, Apple Health data, and lab results and have an intelligent conversation about what it means in plain language. Not diagnosis — translation. Over 230 million people were already asking ChatGPT health questions informally every week. This formalizes it with a dedicated privacy layer. Important caveat: ChatGPT Health is not HIPAA-compliant. It's built for patients, not clinical environments.

Anthropic's Claude for Healthcare went broader — consumers and enterprise simultaneously, launched four days after OpenAI and timed deliberately to the JPMorgan Healthcare Conference. The enterprise side is the more significant story. HIPAA-ready infrastructure that plugs into clinical workflows: prior authorization review, care coordination, claims appeals. It connects natively to the CMS coverage database, ICD-10 codes, and PubMed. AstraZeneca, Sanofi, Banner Health, and Flatiron Health are already using it. This is not a proof of concept.

Amazon Connect Health is pure enterprise — no consumer angle at all. AWS went directly after the provider's administrative workflow: appointment scheduling, patient verification, clinical documentation, medical coding. HIPAA-eligible from launch, direct EHR integration, $99 per user per month for up to 600 encounters. Most primary care physicians handle around 300 per month, which makes the math workable even for smaller practices.

Two are built for clinical environments. One isn't. If you're evaluating any of these for an organization, that column matters more than any other.

This issue is supported by Attio. If you're rethinking how AI fits into your operations, your CRM is probably the first place to look

Attio is the AI CRM that builds itself and adapts to how you work. With powerful AI automations and research agents, Attio transforms your GTM motion into a data-driven engine, from intelligent pipeline tracking to product-led growth.

Instead of clicking through records and reports manually, simply ask questions in natural language. Powered by Universal Context—a unified intelligence layer native to Attio—Ask Attio searches, updates, and creates with AI across your entire customer ecosystem.

Teams like Granola, Taskrabbit, and Snackpass didn't realize how much they needed a new CRM. Until they tried Attio.

Start now →

Prior authorization is where the real time savings are. It's information transfer — cross-referencing a patient's history against coverage requirements against clinical guidelines, then writing a determination. A human administrator does one to three per hour. An AI agent does it continuously, in real time, pulling directly from CMS databases and ICD-10 codes. The hours physicians spend on this — hours that belong with patients — start coming back.

Documentation is where the job itself changes. Notes written after the encounter, from memory, in a system designed for billing not care — that's why doctors spend twice as long on paperwork as on patients. Ambient documentation closes that gap without adding to anyone's workload.

Patient intake is the part your patients will feel directly. Digital check-in already cuts new-patient paperwork from 25 minutes to 5–7 minutes. An AI agent that pulls existing records, pre-populates forms, verifies insurance, and flags issues before the patient walks in compresses it further. The clipboard goes away.

None of this is a moonshot. It's the specific, unglamorous work that nobody went to medical school to do — and that the compliance infrastructure is finally in place to support.

Healthcare is the hardest version of the regulated-industry AI problem. The most demanding compliance requirements. The most sensitive data. The most entrenched legacy systems. The most resistant organizations.

If AI can crack healthcare administration at scale, the same playbook applies to financial services, insurance, legal, and government. Every one of those industries has its own version of the HIPAA wall. Every one of them has watched AI bounce off it for years.

The companies paying attention to what just happened in healthcare — and asking what their own compliance layer needs to look like before the tools arrive — are going to be in a very different position from the ones waiting for a finished product to land in their inbox.

Compliance first. Features second. That lesson travels well beyond a doctor's waiting room.

For years the promise of AI in healthcare kept running into the same wall. Smart people, serious money, real technology — and the compliance layer won every time.

What changed isn't the AI. It's that the people building it finally respected the wall instead of going around it.

If someone you know is making AI decisions in a regulated environment without thinking about compliance architecture first, send this to them.

- Hashi