Offshore Medical Billing and Shadow AI: The Behavioral Health Patient Data Privacy Gap No One Is Auditing

July 6, 2026

Offshore billing and consumer AI are reshaping behavioral health revenue cycle work, and experts warn ungoverned tools can expose substance use disorder patient records.

Key Takeaways

  • Behavioral health’s billing chain outruns its oversight: claims routinely leave the provider’s building for a fragmented onshore and offshore vendor chain, where staff under production pressure may paste substance use disorder records into free consumer AI tools such as ChatGPT and Claude. The provider (not the vendor) stays legally accountable for whatever happens to that data downstream.
  • The rules are tightening on paper faster than they can be enforced: federal protections for substance use disorder records under 42 CFR Part 2 took effect in February 2026, Florida already bans offshore storage of health records, and a federal rule will move prior authorization onto standardized interfaces by 2027. Whether any of that reaches a subcontractor pasting a chart into a free chatbot is a separate question.
  • The alarm rests on frontline interviews, not a documented breach: the warning traces to roughly 30 conversations with offshore billing specialists gathered by the authors of an industry article, several of whom hold executive roles at compliance-software or onshore-billing firms. No public breach tied specifically to consumer AI use in behavioral health billing has yet surfaced, a point one source concedes even as he argues it is a matter of when, not if.
  • The practical fix is diligence providers can start now: experts converge on a short list of questions to put to every billing vendor — Do you use AI? Which tools? Do you hold business associate agreements with each AI vendor? Where is protected health information processed? Can you prove compliance with logs and audits? — and treat vendors who cannot answer as disqualified.

Two weeks ago, Dmitry Karpov sent me an email. Karpov is the Chief Executive Officer of Adentris, a healthcare revenue-integrity and compliance software company, and I’ve sat down with him before to discuss the emerging AI landscape in ABA billing.

Attached was an article he had co-written. It opens by assuring the reader that your therapist did not upload your chart to ChatGPT and Claude, and then adds that their offshore billing vendor might have. Over the next two weeks, I spoke with Karpov and three others who work different corners of the same system: Avi Silber, a revenue cycle operator whose firm bills for treatment centers; Dr. Gerald Maccioli, a former Chief Quality Officer who now advises health care companies; and Parker Smith, the founder of a compliance software firm for treatment centers.

All four accounts converged on the shape of the problem, if not always on its urgency. I came to understand that the tools are real, the exposure is certainly plausible, and the volume of records moving through third-party billing pipelines is large enough that no one can say how many hands touch a given chart.

Karpov’s sharpest claim in the aforementioned article is that those records are being fed into AI training pipelines at scale. Right now, that claim largely rests on the authors’ own conversations with about 30 billing specialists, not on any published findings or disclosed breaches, but there’s no refuting the fact that a narrower, more durable problem persists. In fact, it’s a problem that predates both artificial intelligence and the offshore labor it now depends on: an accountability gap in the way behavioral health handles its administrative data.

How Behavioral Health Billing Data Leaves the Building

A patient tends to assume the record of a visit stays with the clinician who made it, yet it rarely does. A single claim can move through coders, billers, utilization-review staff, prior-authorization teams, denial-management teams, and clearinghouses, and, at several of those stops, through the offshore subcontractors that many billing operations quietly rely on, all before the provider is paid. The Department of Health and Human Services classifies coding, billing, and utilization review as business-associate activities whenever protected health information is involved, an arrangement meant to carry the same privacy obligations forward at every handoff.

The offshore layer is neither small nor new. Dr. Gerald Maccioli, an anesthesiologist and intensivist who ran a 40-bed intensive care unit for three decades before becoming Chief Quality Officer at Envision, and who now advises venture-backed health care companies, dates it to the beginning of the century. “If you go back 25 or 30 years, in the Philippines it started with medical transcription being sent overseas,” he told me, remembering admitting notes he dictated at three in the morning and found waiting in the chart by dawn. “That has now grown into revenue cycle and other components. What used to be one person looking at one piece of information, the large language models have allowed to be loaded into these gigantic information-eating carnivores.”

Indeed, in 2024, the Philippine healthcare information management sector alone reported roughly 4.2 billion dollars in revenue and about 190,000 full-time employees, according to the Healthcare Information Management Association of the Philippines, whose lineage runs back to a medical transcription association registered in Manila in 2003. Likewise, India has been a hub for healthcare outsourcing for two decades, while newer entrants in Pakistan and elsewhere handle coding, charge entry, claim submission, and appeals. Behavioral health billing is more fragmented than most, scattered across small- and mid-sized shops that pair a U.S. front office with an offshore back office, an arrangement that makes any honest tally of who has seen a given record nearly impossible.

How much sensitive data now sits with third parties came into view in 2024, when a ransomware crew hit Change Healthcare, a UnitedHealth Group subsidiary that touches roughly one in three American patient records. HHS has since reported that the breach reached an estimated 190 million people, a figure later revised to 192.7 million, making it the largest health care data breach on record. That was a hack, not a chatbot. But it exposed the fact the sources keep pointing to: the systems that move claims now pool sensitive information at a scale where a single failure can reach most of the country.

Shadow AI and the Free-Tier ChatGPT and Claude Default

The mechanism that Karpov and his co-authors describe in their article is almost banal. A biller working against a deadline opens a personal account on a free chatbot, pastes in a chart, and asks for a summary, a denial appeal, or a few lines of medical-necessity language. Two names come up nearly every time. “ChatGPT and Claude would be the top two, and only the top two, that people mention,” Karpov told me. The more technically adventurous shops, he added, reach for open-source models of Chinese origin, which he does not consider any safer.

The worry rests on a quiet detail of how these tools are configured. “When you use the free plan, you consent to improving the model based on your interaction, which essentially means training the model,” Karpov said. As of mid-2026, that is broadly right, albeit with qualifications that matter. OpenAI’s published policy says conversations on its consumer ChatGPT tiers may be used to improve its models unless a user opts out; its business, enterprise, education, and API products are excluded by default. Anthropic, which for years set itself apart by not training on consumer chats, reversed that default in 2025: conversations on its Free, Pro, and Max plans now feed model training unless the user opts out, and are retained for as long as five years if the user allows it, while its commercial and API tiers stay outside the training pool.

Both companies extend business associate agreements only to the excluded enterprise tiers, and both retain some conversations for safety review even after a user opts out. The exposure the sources describe, then, is less a property of AI than of the ungoverned free account, where nothing (no contract, no opt-out, no log) stands between a pasted chart and the model.

In their article, the authors cite an estimate that only a small share of the world’s chatbot users (a few percent) pay for a commercial license, and argue the figure is unlikely to run higher among people who spend all day reading claims and clinical notes. That argument may very well hold water in the current environment, where AI has arrived quickly in behavioral health on the clinical side, and back-office teams feel the same pull, sharpened by reimbursement pressure that already leaves little margin. But for Karpov, it’s not just a theory. Instead, it’s something he’s seen firsthand: a pattern that surfaces whenever his company takes on a client. “When we onboard new clients and ask who uses these tools, we always hear stories about people using them for work without removing patient data, because they don’t know it matters, and they always use free accounts, because it’s easy.”

Not everyone is convinced the tools even repay the risk. Avi Silber is the Chief Operating Officer of ACBilling Solutions, a New York firm that keeps its billing and authorization staff onshore and, so far, uses no AI in its billing. He has yet to see automation outdo people at the thing he counts as the whole job. “I have yet to find anyone where they’ve gotten AI to the point where their collections are higher,” he told me. “They might be equal, and they’re teaching the AI, but I haven’t found it.” Handing a claim to a model carries its own hazard, he pointed out: bill the wrong payer and the mistake can become a False Claims Act problem, which is why, in his shop, a person still signs off before anything leaves the building.

Why SUD and Behavioral Health Records Carry Extra Risk Under 42 CFR Part 2

It’s important to note that a substance use or mental health record is not exactly “ordinary” paperwork. It can carry trauma and abuse histories, relapse notes, suicide-risk assessments, family conflict, and things a person disclosed at a low moment. “These are deeply private, confidential conversations that are critical to treating the patient,” Maccioli said. “We can’t treat trust as a regulatory obligation. It’s fundamental to clinical care. Patients consent to treatment. They don’t consent to becoming data in uncontrolled administrative workflows.”

The law has long drawn that line, and it recently sharpened it. Records created by federally assisted substance use programs fall under 42 CFR Part 2, a confidentiality rule stricter than HIPAA that, as a general matter, keeps them out of legal proceedings against the patient absent written consent or a court order. A 2024 final rule folded Part 2 enforcement into HIPAA’s, with a compliance deadline of February 16, 2026; on that date, the HHS Office for Civil Rights began taking complaints and named noncompliance an enforcement priority. Gone are Part 2’s old and rarely invoked criminal penalties, replaced by the full HIPAA scheme, in which civil penalties reach into the millions of dollars per category of violation each year, and the gravest cases can carry criminal liability. Karpov, whose company handles this kind of data, told me those rules put real money on the line and, in the worst case, reach an executive personally: an exposure, he said, that his own firm takes on directly.

The protections are strongest precisely where the sources say oversight is thinnest, at the far end of a subcontracting chain that can cross several borders before a claim clears. And they attach to records generated by a substance use disorder sector that is itself consolidating and moving in-network, a shift that packs ever more of this material into billing operations already run on thin margins.

The Enforceability Gap: HIPAA, BAAs, and Offshore Accountability

“The issue isn’t AI. The issue is unmanaged AI,” Maccioli said. “You can outsource work. You can’t outsource accountability.” He is at pains to say he has nothing against offshoring; he is an Italian citizen himself, he notes, and some of the capable revenue cycle people he knows work abroad. What he objects to is the unverifiable, unconsented, ungoverned use of AI, regardless of whether it happens in Hyderabad or in Sacramento. However, even with capable folks available abroad, Maccioli warns that signing a contract attesting to HIPAA compliance and then shipping the work overseas is “writing in disappearing ink on wet toilet paper.”

Worse, the liability does not follow the data. When a breach occurs, Karpov and Maccioli both stressed that it is usually the provider who admitted the patient who is left holding the bag, even if the lapse occurred three subcontractors downstream. A business associate agreement, several of them noted, is only a promise. “It’s ultimately a piece of paper that gets signed between the two entities,” Parker Smith, the Chief Executive Officer of Simplifyance, which makes compliance and operations software for treatment centers, told me. “It only states that both parties are going to follow the HIPAA law.” A policy does not block a copy-and-paste; a training module does not reach a personal phone, and once the data is abroad, Karpov argues, the small shops that make up most of the market can attest to HIPAA and Part 2 with almost no way to be held to it.

Smith, who started as a counselor before he started building software, resists the idea that AI created the problem. “It exacerbates the issue,” he said. Behavioral health, in his account, is a young and underfunded field that has trailed others in adopting the technology those others use for oversight, and so criminal demand for health data outpaced the safeguards meant to guard it.

He has watched other such consequences at scale in his own state. In Arizona, a sober-living Medicaid fraud scheme that officials have put at roughly 2.5 billion dollars led regulators to suspend hundreds of behavioral health providers, in what federal officials have called the largest fraud scheme aimed at a single demographic group in recent American history, an upheaval still reshaping the state’s Medicaid market. It is one front in a widening Medicaid audit wave now moving through behavioral health more broadly. “We don’t know what we don’t know about how compromised people’s personal health information really is,” Smith said. Under the current rules, he noted, a breach affecting fewer than 500 people tends to “just get filed away on a shelf.”

Meanwhile, Silber offered a picture of what governed practice looks like and a reminder that AI is not the only source of exposure. An employee of his once had a spouse enter treatment at a client’s facility; rather than trust a policy to keep the employee out of that record, the firm cut off her access to the system entirely. AI aside, he pointed out, remote work overseas can put data in front of a household long before any chatbot is opened. “There’s an AI issue, and then there’s a compliance, HIPAA issue,” he said. “They’re two separate issues, and you can double up on the risk.”

What Providers Should Ask Billing Vendors About AI

The most practical thing the sources offer is a set of questions, and on these they agree almost to the word. They come at a moment when operators are already rethinking how they vet vendors, as AI tools enter and leave the market on short notice. Oversight, the sources say, should be continuous rather than a one-time signature, because the consequences fall on the provider no matter who caused them.

Karpov starts simply. Do you use AI at all? He will ask his client. If so, do you hold business associate agreements with every AI vendor you use, and will you show them to me? “There’s nothing about violating anyone’s privacy in that request,” he explained to me. “There’s no commercial secret in which AI tools you use.”

Smith would add a single instruction: ask any outside party handling patient data what security protocols it has written down, then ask it to prove it follows them. “If someone can’t answer those questions,” he said, “you should be running in the opposite direction.” Maccioli casts the same idea as a five-part test he thinks most behavioral health executives would fail. Where is your protected health information actually processed? Which AI tools are approved, and which are blocked? Can you prove compliance with logs and audits? Do you know every subcontractor that touches the data? “If the answer to all of those is no,” he said, “you should not be sending your data offshore.”

None of them are arguing to abandon AI or offshore labor, to be clear. What they want is the governed version of both: enterprise tools under a signed agreement, with retention limits, access controls, endpoint monitoring, and a default that does not feed the model, kept onshore where regulators, courts, and licensing boards can reach it. A few operators are going further and building their own tools in-house rather than trust a vendor at all. Silber’s counsel is blunter. Look past the billing company’s price and its branded giveaways, he says, and look at what it collects. “No one is going to hire me for a cup or a sweater,” he said. The vendors worth keeping, in his view, are the ones willing to call and deliver bad news.

The Policy Push for Onshore PHI, and the Interests Behind It

The sources are not only diagnosing a problem; some are working to change the rules, which is worth keeping in view. Karpov says he has been writing to governors and members of Congress in the states where addiction treatment clusters, pressing them to require that protected health information be handled onshore, and he links the request to the White House’s Great American Recovery Initiative, the January 2026 executive order that casts addiction as a national priority and cites tens of millions of Americans with substance use disorder. The replies so far, he says, have been formal rather than substantive.

There is precedent for what he is after. Florida’s SB 264, in effect since 2023, already requires that certain patient records be kept physically within the continental United States, its territories, or Canada, and pushes that duty down to third-party vendors; Medicaid and Medicare Advantage contracts often restrict offshore processing as well. The work itself is changing, too. The CMS Interoperability and Prior Authorization final rule will require affected payers to support standardized prior-authorization interfaces by 2027, which could automate away some of the manual, copy-and-paste labor where shadow AI tends to slip in. Nor is enforcement waiting for new mandates: state Medicaid programs are already pursuing audit-driven recoupments from behavioral health providers.

It is worth holding the incentives in mind. The people sounding the alarm are, in turn, executives at a company that sells the governed, U.S.-hosted, auditable systems they recommend; an onshore biller whose whole pitch is defined against the practices he faults; and the founder of a compliance software firm competing in the same market. The disclosures are on the record. So is the fact that their central claim, that sensitive records are flowing into consumer AI at scale right now, rests on their own interviews rather than on a documented event. Maccioli grants the point. “I keep waiting for the big data breach,” he said. “I don’t think it’s an if.” Data-localization mandates carry costs that are themselves disputed, and, the sources allow, onshore is no guarantee: the Arizona fraud was homegrown, and a VPN into an American server does nothing to stop a worker from copying what is on the screen into a chatbot.

What no one really disputes is the shape of the thing. Compliance scrutiny is already reshaping deal-making across behavioral health, and payers are tightening utilization management in ways that send administrative volume and administrative strain further down the chain. Providers reaching for AI to keep up as Medicaid rates flatten are taking on a data-governance question most have not yet put to their vendors. The behavioral health record is unusually revealing, and, as of this year, unusually protected in law. Whether that protection survives the trip through a global billing chain is, for now, something each provider answers on its own, one vendor and one signed agreement at a time.

Ethan Webb is a staff writer at Acuity Media Network, where he covers the business of autism and behavioral health care. His reporting examines how financial pressures, policy changes, and market consolidation shape the ABA industry — and what that means for providers and families. Ethan holds a BFA in Creative Writing from Emerson College and brings more than seven years of professional writing and editing experience spanning healthcare, finance, and business journalism. He has served as Managing Editor of Dental Lifestyles Magazine and has ghostwritten multiple titles that reached the USA Today and Wall Street Journal bestseller lists.