
Cloud AI services require Business Associate Agreements and create breach exposure every time PHI is transmitted. Local AI hardware eliminates both problems because patient data never leaves your network.
Built by John Dougherty, 25-year enterprise security and technology veteran. Every system is personally assembled, burn-tested for 72 hours, and delivered direct.
HIPAA was built for a world where data stays within defined boundaries. Cloud AI breaks those boundaries by design.
When a provider uses a cloud AI service to draft a clinical note, summarize a patient encounter, or write a prior authorization letter, the Protected Health Information in that prompt leaves the practice's network. It is transmitted to a cloud data center, processed on shared infrastructure, and returned over the public internet. Under HIPAA, this transmission makes the cloud AI provider a business associate. A Business Associate Agreement (BAA) is required. The provider's data handling practices become your compliance responsibility.
Some cloud AI providers now offer "HIPAA-eligible" tiers with BAA support. This addresses the contractual requirement - but it does not eliminate the structural risk. PHI is still transmitted to, and processed on, infrastructure you do not control. A breach at the cloud provider is a breach of your patient data. Under the HIPAA Breach Notification Rule (45 CFR 164.402), that disclosure may be reportable.
The distinction matters: "HIPAA-eligible" means a cloud provider has agreed to certain contractual obligations. "HIPAA-simpler" means the data never left your building in the first place, and the entire third-party compliance layer does not apply. Medical practices share this challenge with every data-sovereign industry we serve - the solution is the same infrastructure, applied to different compliance frameworks.
PHI stays within your physical infrastructure. The compliance path gets shorter.
AI models run on a physical server in your facility. Patient data travels from the workstation to the server over your internal network. No internet connection required for inference. No data packets leave your building.
When PHI never leaves your network, there is no third-party business associate. The BAA requirement, the vendor security assessment, and the ongoing compliance monitoring of the cloud provider - all of it goes away.
The server lives behind your firewall, under your physical access controls, governed by your security policies. You control who accesses it, how data is handled, and what stays logged. Your compliance posture. Your rules.
The same AI capabilities your staff wants from cloud services, running on hardware that keeps PHI under your control.
Generate first drafts of SOAP notes, progress notes, and visit summaries from dictated or typed encounter descriptions. Providers review and finalize. The AI handles the documentation burden - the provider retains clinical judgment.
Draft prior authorization narratives with clinical justification language. Feed in the procedure, diagnosis, and clinical context - the AI produces a structured letter that addresses common payer denial patterns.
Generate plain-language patient education documents tailored to specific conditions, procedures, or medication regimens. Produce materials at appropriate reading levels for your patient population.
Review encounter documentation against coding requirements. Identify documentation gaps that could affect code selection or audit defensibility. Flag areas where additional clinical detail would support the billed level of service.
Draft referral letters, insurance appeal letters, patient recall correspondence, and internal communications. Consistent formatting and professional tone across all practice communications.
Mixtral 8x22B provides strong multilingual capability for practices serving diverse patient populations. Draft patient communications, translate educational materials, and produce discharge instructions in multiple languages.
OpenWebUI is a browser-based chat interface. It looks and operates like ChatGPT. Your staff open Chrome or Firefox on any device connected to your office network, log in with their credentials, and start typing. There is no software to install on workstations, no command-line interface, no technical configuration.
Administrative staff who draft correspondence, billing specialists who write appeal letters, and clinical support staff who prepare patient education materials can use the system immediately. The learning curve is the same as any chat-based AI tool they may have already tried at home.
OpenWebUI includes user management and access controls. You can create accounts for each staff member, track usage, and control which models are available to which users. Admin controls are built in.
25 total users: 15 providers plus 10 administrative and billing staff.
| | Cloud AI (25 Users) | Island Mountain Summit Base |
|---|---|---|
| Year 1 Cost | $9,000 - $45,000 | $75,000 - $85,000 (one time) |
| Year 3 Cumulative | $27,000 - $135,000 | Electricity only (~$1,200 - $2,400/yr) |
| PHI Location | Cloud provider data centers | Your server room. Your control. |
| BAA Required | Yes - mandatory for HIPAA | No. Data never leaves your network. |
| Breach Exposure | Every session transmits PHI externally | Zero external transmission. |
| Per-User Fees | $30 - $150 per user per month | None. Unlimited users. |
| EHR Integration | Some platforms offer integrations | Not included. Standalone AI. |
| Vendor Compliance Monitoring | Ongoing - your responsibility | Not applicable. No vendor. |
| Staff Training | Platform-specific onboarding | Browser-based. Same day. |
Clarity on boundaries prevents bad purchasing decisions.
Island Mountain hardware does not connect to Epic, Cerner, Athenahealth, or any EHR system. The AI runs through OpenWebUI - a standalone browser-based interface. Moving data between your EHR and the AI is a manual copy-paste process.
This hardware is not FDA-classified, not a clinical decision support tool, and not a diagnostic system. It generates text based on what you provide. It does not access medical databases, imaging systems, or lab results. Clinical judgment remains entirely with the provider.
The system does not perform population health analytics, quality measure reporting, or clinical outcome tracking. It is a text generation tool, not a data analytics platform. It writes what you ask it to write - it does not analyze your practice data.
After the 30-day included support period, your practice or IT contractor handles OS updates, model updates, and general system maintenance. This is standard Linux server administration. Most managed service providers who support medical offices can handle it.
Power & Installation: All Island Mountain systems require a dedicated 208V/30A power circuit (NEMA L6-30R). Most medical offices with an existing server closet or IT room have this infrastructure or can add it for $500-$2,000 through a licensed electrician. The system fits in a standard 4U rack space. Average power draw under typical inference loads is 1.5-2.5 kW. Temperature requirements are standard office HVAC (64-80°F).
No. A Business Associate Agreement is only required under HIPAA when Protected Health Information (PHI) is shared with a third-party service provider. On-premises AI hardware processes PHI entirely within your facility - no data transmitted to any external service means no business associate relationship exists. The BAA requirement under 45 CFR Part 164 does not apply.
No. Island Mountain hardware is general-purpose AI inference infrastructure, not a medical device or clinical decision support tool. It is not classified under FDA regulations and does not provide diagnostic assistance or treatment recommendations. The system runs the same type of large language models available through cloud services, but on NVIDIA H100 or H200 GPUs inside your facility.
Yes. The system runs OpenWebUI, a browser-based interface that works like ChatGPT. Staff open any web browser on the office network, log in, and start typing. No command line, no technical configuration, no software installation. Administrative staff, billing specialists, and clinical support staff can use the system on day one.
Cloud AI subscriptions for healthcare platforms typically cost $30 to $150 per user per month. For 25 users, that totals $9,000 to $45,000 per year with ongoing BAA management overhead and breach exposure on every query. An Island Mountain Summit Base system with two NVIDIA H100 GPUs costs $75,000 to $85,000 as a one-time purchase. No per-user fees. No BAA required.
Island Mountain is a hardware company, not a compliance authority. References to HIPAA, the Breach Notification Rule, or Business Associate Agreement requirements on this page reflect factual descriptions of data handling mechanics - not legal or regulatory advice. Consult qualified counsel or your compliance officer for determinations specific to your practice.
Tribal health services department serving 12,000 patients. Patient data never leaves sovereign territory. Full HIPAA and OCAP compliance from day one.
Scenario: Tribal Health Department
Multi-site rural practice with no reliable broadband. Local AI runs clinical decision support without depending on internet connectivity.
Scenario: Rural Health Network
Behavioral health clinic processing sensitive patient narratives. Zero risk of PHI exposure to third-party cloud providers.
Scenario: Behavioral Health Practice
One conversation. No sales pitch. Tell us about your practice's AI needs and we will spec the right system.
Or call directly: 1-801-609-1130