
Voice AI for medical billing and patient payments

Patient-side billing is one of the highest-value voice AI deployments in healthcare: high call volume, narrow intent, and clear self-service. The constraints are PCI scope reduction in a HIPAA-covered call path, financial-assistance routing for hardship, and surprise-billing disclosures where they apply.

Realistic containment band

50–70% on statement explain and payment intents; lower on disputes and financial assistance by design

Integration touchpoints

  • Revenue cycle management for statement, last payment, and itemised charges
  • PCI-scoped payment processor with DTMF capture, so the LLM never sees a PAN
  • Financial-assistance application workflow — AI captures, a trained specialist decides
  • Good-faith-estimate retrieval where surprise-billing rules apply

Regulatory hooks

  • HIPAA — PHI handling on statement disclosure, BAA on every sub-processor
  • PCI DSS 4.0 — cardholder data isolated from the AI call path by design
  • No Surprises Act (US) — good-faith-estimate availability shapes the script on uninsured / self-pay calls
  • State medical-debt-collection rules — disclosure and hardship language varies

What good looks like

AI explains the statement line-by-line where the caller asks, takes the payment via DTMF capture into a PCI-scoped flow, sets up a payment plan within pre-approved policy bands, and routes hardship or financial-assistance questions to a trained human. No PHI in the payment flow beyond what the processor needs; no PAN in the LLM.

Watch-outs

  • PCI scope creep. Any path that exposes a digit of cardholder data to the LLM pulls the model into scope.
  • Negotiating financial assistance from the AI. Hospital financial-assistance programmes are regulated and discretion-bound; capture, do not decide.
  • Skipping good-faith-estimate retrieval on self-pay calls. The No Surprises Act framing shapes the script.
  • Aggressive collections language. State rules and provider brand both penalise it.
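
As an added illustration of the PCI scope creep watch-out (not code from this page or from any vendor): a backstop guard that withholds a caller turn from the LLM when the transcript contains a Luhn-valid run of 13 to 19 digits, typed or spoken. The function names, the decision fields and the spoken-digit vocabulary are assumptions, and the sample transcripts in the comments are constructed.

```python
import re

# Spoken digits as an English ASR transcript might render them (assumed vocabulary).
SPOKEN = {"zero": "0", "oh": "0", "one": "1", "two": "2", "three": "3", "four": "4",
          "five": "5", "six": "6", "seven": "7", "eight": "8", "nine": "9"}
TOKEN = re.compile(r"[a-z]+|[0-9]")  # words or single digits; spaces, dashes, commas are skipped


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def digit_runs(text: str):
    """Yield runs of digits, typed or spoken, that no other word interrupts."""
    run = []
    for tok in TOKEN.findall(text.lower()):
        digit = tok if tok.isdigit() else SPOKEN.get(tok)
        if digit is not None:
            run.append(digit)
        elif run:
            yield "".join(run)
            run = []
    if run:
        yield "".join(run)


def guard_turn(transcript: str) -> dict:
    """Decide whether a caller turn may be forwarded to the LLM.

    Constructed samples: "my card is four one one one, 1111 1111 1111" is withheld;
    "statement 12345678, I can pay 250 today" is forwarded unchanged.
    """
    for run in digit_runs(transcript):
        if 13 <= len(run) <= 19 and luhn_ok(run):
            # Never copy the digits into the decision, the logs or the prompt.
            return {"forward": False, "reason": "pan_suspected",
                    "next_step": "dtmf_capture", "text": None}
    return {"forward": True, "reason": None, "next_step": None, "text": transcript}
```

A single misheard digit breaks the Luhn check, so this is defence in depth only; the control the page describes is still DTMF capture into a PCI-scoped flow that the AI path never touches.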

Frequently asked

How does PCI work inside a HIPAA call path?

The two regimes are orthogonal — both apply simultaneously. PCI requires that cardholder data is segregated from out-of-scope systems; the LLM is out of scope by design. HIPAA requires BAA coverage of every sub-processor handling PHI, which includes the AI model provider. Both have to be satisfied; neither replaces the other.

Should the AI offer payment plans?

Within pre-approved bands, yes — those are operational decisions the policy can encode. Anything outside the band, including any hardship signal, routes to a trained specialist. Financial-assistance applications are captured, not decided.
