Services
Solutions
Use cases
Industries
Tools
Pricing
Book a call
Industry — Healthcare

AI in healthcare

Practices and medical care centres work with patient data, KIM and a consultation hour no auto-bot replaces. Five concrete where actually takes the load off — with §203 StGB and social-data protection as architecture prerequisites.

The daily reality AI has to fit into

The phone rings non-stop in the morning, consultations until 6 pm, dictating doctor's letters in the evening. Thirty to fifty patients a day at ten minutes of treatment time. The medical assistant runs triage at the front desk, answers prescription queries and books appointments — three tasks at once, three attention switches per minute.

in healthcare in 2026 is above all one thing: relief in the places where recurring admin pushes out treating. Diagnosis and therapy remain a doctor's task — everything below (anamnesis structuring, doctor's letter drafts, appointment booking for routine matters, mail classification) can be cleanly supported.

Prerequisite: every setup is checked against professional secrecy and social-data protection before the first script runs. In most cases that leads to pipelines or certified EU-hosted providers with an explicit professional-secrecy clause — cloud standard isn't enough.

Five places where AI in a practice or MVZ really makes sense

For each case: the situation today, where plugs in, a pointer to the matching setup tiers, and an honest trade-off.

01. Voice dictation to doctor's letter draft

Situation today

Consultations until 6 pm, then an hour and a half of dictations for doctor's letters — anamnesis, findings, assessment, therapy recommendation. In an MVZ with five doctors, letter work quickly piles up into permanent overtime.

Where AI helps

Voice recording is transcribed automatically and turned into a structured letter draft — anamnesis block, findings block, assessment block. The doctor reviews, corrects and signs off. With sensitive patient data, the recording doesn't leave the practice.

What it can't do

Patient data does not belong in public cloud . Practice-grade setups are either full or use certified EU-hosted providers with an explicit professional-secrecy guarantee — and always with a doctor's approval before sending.

02. Appointment chatbot for standard cases

Situation today

The phone rings continuously in the morning. The medical assistant simultaneously runs triage at the front desk, answers prescription queries and tries to book appointments. The patient hears hold music, calls back later, is frustrated — and the next call already goes unanswered.

Where AI helps

A bot answers standard questions about office hours, contacts and routine appointments. Acute complaints, pain topics and unclear concerns are immediately escalated to the medical assistant — with a conversation summary, so no one has to retell their story.

What it can't do

The bot gives no medical advice. For complaints needing triage it switches to a human immediately — that threshold has to be deliberately low.

03. Incoming mail routing and prescription-request classification

Situation today

“Please renew the prescription”, “Can I come earlier on Thursday?”, “Can I still get an AU for yesterday?” — queries come in via five channels at once (email, patient portal, KIM, answering machine, web form). Reviewing them blocks one person for half the morning.

Where AI helps

classifies incoming requests (prescription renewal, appointment request, AU request, complaint, general question), files them in the practice management software in the right and suggests a preparation — approval stays with the doctor or medical assistant.

What it can't do

Prescriptions are not issued automatically. No auto-send for AU certificates either — both require a doctor's review and signature, that's KBV and SGB law.

04. Practice knowledge base (hygiene, SOPs, QM)

Situation today

Hygiene plan, QM manual, emergency SOPs, in-house standards for practice organisation — either in a folder that hasn't been touched since the last KV inspection, or spread across Outlook notes and PVS modules. When a new medical assistant starts, onboarding takes twice as long as it needs to.

Where AI helps

Your own knowledge base with hygiene plan, QM, emergency SOPs and practice-specific instructions — semantically searchable and maintained by the team itself. Onboarding questions find their answer without the practice lead being interrupted each time.

What it can't do

Content is practice knowledge, not patient data. So a hosted variant is conceivable — but the separation of practice knowledge base and patient data must be clearly drawn in the architecture.

05. Coding suggestions for GOÄ/EBM

Situation today

Quarter end, GOÄ and EBM coding gets combed through because otherwise the fee distribution bites back. With specialists doing complex coding, missed numbers or factors are a far too common problem — money sits in the file instead of in the account.

Where AI helps

reviews treatment documentation and suggests numbers and factors based on comparable cases. The doctor reviews, supplements and approves before the KV quarterly billing.

What it can't do

Coding sovereignty stays with the doctor, suggestions are suggestions — no automatic handover to the KV. A local model is practically always the right choice here.

What in healthcare isn't (yet) working

Four promises that are disproportionately risky or regulatorily problematic in practices and MVZs:

AI as a diagnostic tool

As soon as a system generates diagnostic or therapy suggestions, it's a medical device under MDR or IVDR — with extensive certification and conformity duties. For an average practice, that's not an project but a device purchase with vendor certification.

Automated anamnesis without doctor's review

that query symptoms and give suggestions are regulatorily and liability-wise problematic. Pre-structuring patient information is possible — the anamnesis itself remains a doctor's task.

Patient data in public cloud LLMs

§ 203 StGB and social-data protection practically exclude the standard route via OpenAI, Anthropic or Google . or certified EU-hosted providers with an explicit medical secrecy note are the only viable routes.

AI coding without doctor approval

Auto-sending to the KV after coding is a dangerous concept. Wrong numbers only show up in the KV review — and it gets expensive not for the system, but for the practice.

What absolutely has to be thought through for AI in healthcare

Four pillars against which every practice setup is measured:

§ 203 StGB and medical secrecy

Criminally enforceable secrecy on everything entrusted in the treatment relationship. setups that handle patient data must be aligned with the data protection officer and possibly the professional chamber — a DPA alone usually isn't enough.

Social-data protection (§§ 67ff SGB X)

Social data is regulated more strictly than general personal data. Processing, storage and disclosure are clearly regulated — corresponding pipelines need a record of processing activities and possibly a Data Protection Impact Assessment.

MDR / IVDR and liability

Diagnostic or therapy-guiding functions fall under the Medical Device Regulation. Anyone building rather than buying here has to factor in a certification procedure — for most practices not the way. Preparation, classification and admin remains exempt.

TI, KIM, eAU, eRezept

Telematics infrastructure isn't an substitute, it's a mandatory layer for practices. workflows plug into the KIM mailbox or PVS interfaces — never as a replacement for the TI components themselves.

Tools that already run in practices and MVZs

doesn't replace these systems — it plugs in. Where the interface typically sits:

Practice management (PVS)

CGM TurboMed, CGM Albis, CGM Medistar, medatixx, t2med, Tomedo, DocConcept, S3 — typically plugs in via the PVS interface, email gateway or document intake

Telematics infrastructure

Konnektor, eHBA (electronic health professional ID), SMC-B, KIM service, ePA, eAU, eRezept — TI components remain untouched, adds on

Dictation systems

Philips SpeechMike, Nuance Dragon Medical, Speechi with a medical language model — handover point for AI-supported doctor's letter drafts

Appointment and communication portals

Doctolib, Jameda, samedi, the KV's eterminservice — interfaces for appointment bots or online appointment prep

How practices typically get started

Anyone starting without experience has two clear candidates — and one where it pays to clarify the architecture first.

Typical entry point 1 — mail and request routing

Low risk, high effect at the front desk. Prerequisite: clear escalation rules and no automatic sending of prescriptions or AU certificates.

Typical entry point 2 — practice knowledge base (no patient data)

Onboarding pain becomes immediately tangible, data protection requirements are moderate (no patient reference). A good learning step before more sensitive workflows.

Don't start with doctor's letter dictation

As tempting as the letter relief sounds — doctor's letters process real patient data and need or certified EU-hosted providers. Clarify the architecture first, then tackle this .

Funding in healthcare

consulting funding generally also applies to medical practices and MVZs — the subsidy covers consulting and conception effort. Alongside, there are specific programmes for hospitals and partly also outpatient structures (KHZG successor, DigitalPakt Praxis, regional TI funding). Investments in TI components have their own funding tracks that are often combinable with setups.

→ Details on BAFA funding
FAQ

Frequently asked questions about AI in medical practices and clinics

Yes, with clear limits. Administrative tasks (scheduling, pre-classifying prescription requests, consultation notes) are unproblematic as long as patient data is processed in line with GDPR. Diagnostic falls under the EU Medical Device Regulation (MDR) and needs certification — we do not do that.
KIM is the gematik channel for doctor-to-doctor communication. can pre-classify incoming KIM messages (urgent / routine / inquiry) but not answer them. We build the pre-classification as a filter that relieves the practice — the professional answer stays with the doctor.
Strictly or in certified EU data centers (preferably C5-attested or ISO 27001). We do not use cloud such as ChatGPT or Claude for PHI (protected health information). For uncritical administrative tasks with pseudonymized data, EU cloud is fine.
Practices we work with: 3 to 8 hours per week with scheduling, anamnesis prep and doctor's letters. MVZ and larger facilities more, as effects compound. The main bottleneck is usually the interface to the practice management system.
medatixx, MEDISTAR, T2med, x.isynet — all common ones have HL7 or FHIR interfaces or at least CSV export. If the interface is thin, we go via email workflows or documented click automation. We do not change the PMS itself.

Ready for the next step?

Free intro call, no strings attached. In 30 minutes you'll know whether and how AI can help your business.

Book a callCheck eligibility
Book a callBAFA funding