AI Competence & Compliance

AI Competence & Compliance

Use AI. Legally compliant. From day one.

The EU AI Act obligates every practice using AI to take specific measures from mandatory training to data protection impact assessments. ClinicOS is one of the few practice management system (PVS) providers that actively supports you with AI compliance. Free of charge.

The EU AI Act obligates every practice using AI to take specific measures from mandatory training to data protection impact assessments. ClinicOS is one of the few practice management system (PVS) providers that actively supports you with AI compliance. Free of charge.

What the EU AI Act means for your practice

Since February 2025, new rules for the use of AI in the EU have applied. Every physician who uses AI-supported software — whether for documentation, telephony, or billing — becomes an operator within the meaning of the AI Act. That sounds abstract. The obligations are not.

Since February 2025, new rules for the use of AI in the EU have applied. Every physician who uses AI-supported software — whether for documentation, telephony, or billing — becomes an operator within the meaning of the AI Act. That sounds abstract. The obligations are not.

In effect since February 2025

AI expertise for your practice team

Art. 4 of the AI Act: You must ensure that your entire team — doctors and medical assistants — has sufficient AI competence. That means documented training. There is no grace period.

Art. 4 of the AI Act: You must ensure that your entire team — doctors and medical assistants — has sufficient AI competence. That means documented training. There is no grace period.

Applies now (GDPR)

Data Protection Impact Assessment

Art. 35 GDPR: AI that processes health data generally requires a data protection impact assessment (DPIA). This applies to any practice that uses AI-supported documentation or telephony.

Art. 35 GDPR: AI that processes health data generally requires a data protection impact assessment (DPIA). This applies to any practice that uses AI-supported documentation or telephony.

Applies from August 2026

Human oversight & record-keeping requirement

Art. 26 AI Act: Operators of high-risk AI must ensure that AI-generated results are not adopted without review. Even below the high-risk threshold, we recommend documented review processes.

Art. 26 AI Act: Operators of high-risk AI must ensure that AI-generated results are not adopted without review. Even below the high-risk threshold, we recommend documented review processes.

These obligations apply regardless of which practice software you use. The difference: with ClinicOS, you do not have to handle it on your own.

WHAT OTHERS DO NOT DELIVER

The compliance gap of the major providers

The major PMS providers invest in data protection and certifications for their own infrastructure — ISO 27001, German servers, encrypted connections. That is good. However, the obligations that arise for you as the practice operator remain unmentioned. Compliance obligations that lie with you as the operator are addressed by very few PMS providers.

The major PMS providers invest in data protection and certifications for their own infrastructure — ISO 27001, German servers, encrypted connections. That is good. However, the obligations that arise for you as the practice operator remain unmentioned. Compliance obligations that lie with you as the operator are addressed by very few PMS providers.

You receive a product. And an FAQ. Those are not the same.

You receive a product. And an FAQ. Those are not the same.

You receive a product. And an FAQ. Those are not the same.

The CLINICOS Compliance Package

The ClinicOS Compliance Package

Every ClinicOS customer receives a complete compliance package — free of charge, from day one.

Every ClinicOS customer receives a complete compliance package — free of charge, from day one.

1
Free AI training in 3 stages

Online training program for your entire practice team — from the medical assistant to the practice owner. Three levels: Beginner (2h), Intermediate (4h), and Advanced (8h). Live sessions with our AI researchers. Includes a certificate of participation as compliance documentation under Article 4 of the AI Act.

Online training program for your entire practice team — from the medical assistant to the practice owner. Three levels: Beginner (2h), Intermediate (4h), and Advanced (8h). Live sessions with our AI researchers. Includes a certificate of participation as compliance documentation under Article 4 of the AI Act.

2
Security Disclosures

A pre-filled Data Protection Impact Assessment, specifically for ClinicOS. It shows which data is processed, where the servers are located, and what protective measures are in place. You only need to add your practice-specific details — without an external data protection consultant.

A pre-filled Data Protection Impact Assessment, specifically for ClinicOS. It shows which data is processed, where the servers are located, and what protective measures are in place. You only need to add your practice-specific details — without an external data protection consultant.

3
Complaints

A clear guideline for everyday practice: which AI-generated results must be reviewed, by whom, and how this review is documented. Seamlessly integrated into your ClinicOS workflow.

4
Data Protection Inquiries

ClinicOS automatically stores system logs in compliance with legal requirements. Transparent documentation of when each AI function delivered which result — without any manual effort on your part.

ClinicOS automatically stores system logs in compliance with legal requirements. Transparent documentation of when each AI function delivered which result — without any manual effort on your part.

WHAT OTHERS DO NOT DELIVER

AI Competency Training: Three Levels. Free

Our training program meets the requirements of Art. 4 of the EU AI Act. Developed by licensed physicians and AI researchers — not by generic training providers.

Our training program meets the requirements of Art. 4 of the EU AI Act. Developed by licensed physicians and AI researchers — not by generic training providers.

Level 1 — Beginner

AI Fundamentals & Awareness

All staff & end users

2 hours | live online training + e-learning

2 hours | live online training + e-learning

What is AI? Terms, distinctions, everyday examples

How does AI work? Machine learning, LLMs, prompt logic

Opportunities & Risks: Hallucinations, Bias, Misinterpretation

Data Protection Basics: What Can I Enter? GDPR Relevance

EU AI Act Overview: Risk Categories and Obligations

Recognizing Deep Fakes & Disinformation

Completion: Certificate of attendance
Prerequisites: None

Level 2 — Intermediate

AI strategy & responsible use

Power users, practice managers, team leaders

4 hours (2 × 2h) | live online training + workshop

4 hours (2 × 2h) | live online training + workshop

AI Act Deep Dive: Risk Classes, Obligations, Sanctions

GDPR & AI: Lawful bases for processing, DPIA

AI Governance: Roles, Responsibilities, Documentation

Developing an AI policy for your own practice

Risk assessment of AI tools

Ethics: Bias, Fairness, Transparency

Industry-specific: AI in healthcare & MDR

Completion: Certificate of participation + competency test
Prerequisites: Beginner certificate or equivalent

Level 3 — Advanced

AI Management & Compliance Ownership

AI decision-makers, managing directors, compliance

8 hours (2 × 4h) | Live online training + practical lab

8 hours (2 × 4h) | Live online training + practical lab

AI Act: Complete list of obligations for providers & deployers

High-risk AI: conformity assessment, CE marking

AI management system in accordance with ISO/IEC 42001

Build an AI risk management framework

Technical AI safety: robustness, monitoring

Implementing Human Oversight: Levels of Automation, Escalation Logic

Practice Lab: Develop Your Own AI Training Concept

Qualification: Certificate of participation + project work
Prerequisites: Intermediate certificate or demonstrable AI experience

Lecturers

Legal content is created and reviewed in coordination with lawyers specializing in AI law. Regular updates are made in response to regulatory changes.

Legal content is created and reviewed in coordination with lawyers specializing in AI law. Regular updates are made in response to regulatory changes.

Dr. Sohrab Shojaei Khatouni

CEO & Chief Scientific Officer, NoscAi GmbH

8+ years of research in medical AI at the Hamburg University of Technology and the University Medical Center Hamburg-Eppendorf. Founder and developer of ClinicOS.

Stefan Neumann, M.Sc.

Head of AI, NoscAi GmbH

Master of Science in Computer Science. 4+ years of AI research at TU Hamburg. Responsible for the AI architecture and development of ClinicOS.

Our AI documents. It does not make diagnoses.

Some providers let their AI independently suggest diagnostic codes. That may sound practical — but it comes with significant regulatory consequences. Systems that derive ICD-10 codes from the context of a conversation may be classified as medical devices — with mandatory certification and the full set of obligations for high-risk AI.

Some providers let their AI independently suggest diagnostic codes. That may sound practical — but it comes with significant regulatory consequences. Systems that derive ICD-10 codes from the context of a conversation may be classified as medical devices — with mandatory certification and the full set of obligations for high-risk AI.

ClinicOS deliberately takes a different approach: our AI transcribes, structures, and documents—based on what you, as the physician, say and decide. Diagnostic control remains entirely with you.

ClinicOS deliberately takes a different approach: our AI transcribes, structures, and documents—based on what you, as the physician, say and decide. Diagnostic control remains entirely with you.

This is not a technical limitation. It is a deliberate decision — for your legal protection.

This is not a technical limitation. It is a deliberate decision — for your legal protection.

This is not a technical limitation. It is a deliberate decision — for your legal protection.

Doctor and patient discussing health records at a desk. Laptop in the foreground.

Use AI. Know your obligations. Be secure and well prepared.

At ClinicOS, you get more than just one of the most modern AI practice software solutions — you also get the security of using it in full legal compliance. From day one.

At ClinicOS, you get more than just one of the most modern AI practice software solutions — you also get the security of using it in full legal compliance. From day one.

Bearded man smiling. Portrait.

Sebastian Krüger

Customer Success

Made in Germany