Stop guessing at AI prompts. Here are 5 that work in a medical office.

By Deepika Satyadev, Director of Marketing | Built and tested at the PEAKE AI Lab | May 2026

Over the past year, we’ve sat down with a lot of practice administrators trying to figure out where AI actually helps. The answer usually isn’t where the vendors say it is. It’s in the small, repetitive tasks that eat staff time. Vendor contract reviews, policy rewrites, denial appeals, intake forms. The five prompts below are the ones we’ve watched work in real practice environments.

The numbers say what the inbox already tells you. The MGMA 2026 Regulatory Burden Report found 95% of practices report increased regulatory burden over the past three years.

That pressure is showing up in how physicians think about AI. The AMA’s most recent physician survey found that 57% of physicians name administrative automation as AI’s single biggest opportunity in practice.

**One ground rule before you start. Never paste protected health information into a public AI tool. The free tiers of ChatGPT, Copilot, and Claude are not HIPAA-aligned. Strip identifiers, use placeholders, and treat the AI like a smart but unverified contractor.**

Prompt 1. Summarize a vendor contract before you sign

Have ready: the full contract text, the vendor’s pitch summary, and any contract clauses your practice has been burned by in the past.

Summarize the contract below in 200 words. Use this structure:

WHAT WE’RE BUYING: one sentence
TERM: initial length, auto-renewal terms, total minimum cost
CANCELLATION: notice period, termination fees, what triggers an out
ESCALATORS: price increases, when they kick in, are they capped
FLAGS: any unusual clause — limitation of liability, exclusivity, data ownership, AI training rights on our data, indemnification, forced arbitration

THREE QUESTIONS to ask the vendor before signing

This is a screening summary only. Final review goes to legal.

CONTRACT:

[Paste full text.]

What you should expect: A clean summary that surfaces the things vendors hope you won’t notice. Auto-renewal windows, AI training rights on your data, escalator clauses, and liability caps set far below the financial risk of a breach. Pair it with legal review for anything you actually sign.

What to watch for: Verify every clause number the AI cites. If it says “Section 8.3 grants…” check that Section 8.3 says that. Hallucinated clause references are dangerous in contract work.

Prompt 2. Rewrite a policy update for staff and patients at the same time

Have ready: the policy update text, the effective date, who handles escalations at your practice, and your patient-facing phone number.

I’m going to paste a policy update below. Give me two versions.

VERSION 1 — Staff brief (4–5 bullets):

– What changed

– Effective date

– What we do differently starting [date]

– What could go wrong if we don’t comply

– Who to escalate to: [role]

VERSION 2 — Patient-facing notice under 150 words:

– Plain language, 7th-grade reading level

– No acronyms

– End with: “Questions? Call us at [phone].”

Use ONLY the source text below. Do not infer details. Flag ambiguity.

POLICY TEXT:

[Paste here.]

What you should expect, given a CMS rule on the new G2211 modifier effective January 2026:

VERSION 1 — Staff brief

What changed: A new modifier (G2211) required on office/outpatient E/M visits with established longitudinal relationships.
Effective: January 1, 2026.
What we do differently: Billing adds G2211 to qualifying claims; providers document language establishing the longitudinal relationship.
Risk: Missing the modifier triggers a per-claim payment reduction. At our volume, meaningful annual hit.
Escalate to: Practice Administrator for billing; Clinical Lead for documentation.

VERSION 2 — Patient-facing notice

Starting January 1, 2026, you may notice a new code on your billing statement for visits with your established provider. This reflects the ongoing relationship you have with our practice. It does not change your visit, your care, or your usual cost. Questions? Call us at (555) 555-5555.

What to watch for: If the staff brief contains a detail not in your source text, that’s a hallucination. Delete it and re-prompt.

Prompt 3. Draft an insurance denial appeal in under five minutes

Have ready: the denial letter with identifiers removed, the denial code and reason, the payer’s published medical necessity criteria for the service, and the rendering provider’s name and credentials.

Draft a clinical appeal letter to [payer name] for a denied claim.

Structure:

Header: practice info, NPI, date, payer claim #
State we are appealing denial of [CPT code] for date of service [date]
Cite the specific denial reason from the letter
Reference the payer’s published medical necessity criteria (pasted below)
Leave [CLINICAL JUSTIFICATION] as a placeholder for the provider
Closing: request reconsideration, provide follow-up contact

Tone: formal, neutral. Under one page.

DENIAL LETTER: [Paste, identifiers removed.]

MEDICAL NECESSITY CRITERIA: [Paste the relevant policy section.]

What you should expect: a billing-ready letter with the structural work done.

Re: Appeal of Denied Claim — CPT 73721 (MRI lower extremity)

Date of service: April 18, 2026

We are formally appealing the denial of claim [#] dated May 2, 2026. The denial cited “lack of documented conservative treatment” as the basis for non-coverage.

Aetna’s Clinical Policy Bulletin 0653 establishes coverage when conservative treatment of at least six weeks has failed and symptoms persist. Per the medical record:

[CLINICAL JUSTIFICATION — to be completed by Dr. [Name], MD]

Based on the above, the imaging meets the medical necessity criteria established in Aetna CPB 0653. We respectfully request reconsideration.

Provider adds two or three sentences of clinical reasoning. Appeal is out the door in five minutes instead of thirty.

What to watch for: Verify the policy citation. AI is prone to fabricating policy numbers from its training data. That’s why the “I will paste the criteria below” instruction matters.

Prompt 4. Write a no-show recovery message that gets a reschedule

Have ready: your practice name, reschedule link, phone number, and the visit type you’re recovering.

Write three short SMS messages for a patient who no-showed at

[practice name].

Constraints:

– Tone: warm, non-judgmental, practical — NOT guilt-tripping

– Under 160 characters each

– Include [link] and [phone]

– No emojis

– Use [First name] as a placeholder

– Visit type: [e.g., “annual physical”]

Output as three numbered messages with character count after each.

Vary the opening so we can A/B test.

What you should expect:

Hi [First name], we missed you at your annual physical. Life happens — let’s get you rescheduled. Book: tidewatermed.com/book or (757) 555-0100. (154 chars)
[First name], no problem on the missed visit. Your annual physical is one of the most important hours you’ll spend this year. Rebook: tidewatermed.com/book. (158 chars)
Hi [First name] — we held your spot but couldn’t reach you. Reschedule when you’re ready: tidewatermed.com/book or (757) 555-0100. We’re here when you are. (158 chars)

Pick one, save it as a template in your reminder system, and merge in the first name from your patient database. Not from the AI.

What to watch for: If a message runs long, ask for a tighter rewrite. If the tone is off, name the shift specifically: “less apologetic, more matter-of-fact.”

Prompt 5. Pressure-test your intake form without rewriting it

Have ready: your current intake form, fully de-identified, plus your abandonment rate if you track it, and your reading-level target.

Review the intake form below. For each question, flag whether it:

A) Is hard to read at a 7th-grade level (cite the specific phrase)
B) Asks for information our clinicians won’t actually use
C) Is in the wrong order — easier, less sensitive questions should

come first to reduce abandonment

Output as a table: Question # | Question text | Flags | Suggested change

Show me the flags first. Do NOT rewrite the full form. I’ll tell you

which suggestions to act on.

INTAKE FORM:

[Paste the de-identified form. Number each question.]

What you should expect:

#	Question	Flags	Suggested change
1	What is your chief complaint today?	A	Replace “chief complaint” with “main reason for today’s visit.”
2	Onset, duration, character, exacerbating factors of your symptoms	A	Break into three plain-language questions: “When did this start?” / “How long does it last?” / “What makes it worse?”
3	List all current medications including dose and frequency	—	Keep as is.
4	Have you experienced anhedonia in the past two weeks?	A	Replace with: “Have you lost interest or pleasure in things you used to enjoy?”
5	What is your preferred pharmacy?	C	Move earlier. Non-sensitive and easy to answer.

The “do not rewrite, flag first” instruction is the critical line. Without it, the AI rewrites the whole form on the first pass and quietly drops clinically required language.

What to watch for: If the AI flags a question your clinicians actually do use, push back: “Keep question 4. It’s clinically required. Suggest a plain-language version instead.”

Why these prompts work

Each of the five is built on techniques with peer-reviewed evidence behind them. The point isn’t to make you a prompt engineer. It’s so you can adapt these prompts to your own workflows without guessing.

Structured decomposition. Every prompt breaks the task into explicit, numbered steps. Wei et al. (2022) at Google Research showed that “chain-of-thought” prompting, where reasoning is broken into intermediate steps, significantly outperforms freeform prompting on complex tasks. The contract reviewer and denial appeal prompts both rely on this.

Few-shot examples. The worked examples above aren’t just for reading. They’re prompt fuel. Brown et al. (2020), the original GPT-3 paper, established that giving the model examples of good output before asking for new output substantially improves accuracy. When you adapt one of these prompts, paste the worked example back in as a sample.

Source-of-truth grounding. Every prompt that touches authoritative content includes a line like “use only the source text below.” That’s a hallucination control. The healthcare-specific tutorial from Meskó (2023) in the Journal of Medical Internet Research names this as one of the most important techniques for medical professionals to learn.

Output constraints. Length caps, format specs, “do not rewrite, flag first.” Open-ended prompts produce open-ended messes.

Verification as a discipline. Every “what to watch for” note is a verification step. Even well-prompted models hallucinate, especially on specific codes, citations, or clause numbers. The fix is procedural. You check. You don’t trust.

A note on scaling. A common question is whether you need GPT-5 or Claude Opus to do this work. For the administrative tasks in this post, almost certainly not. Scaling laws (Hoffmann et al., 2022, the “Chinchilla” paper) describe how model performance improves with size and training data, but the gains compound on hard reasoning tasks, not on structured admin work. The bottleneck for a practice administrator isn’t model size. It’s prompt quality and workflow integration.

What AI tools are HIPAA-aligned for medical practices?

Tool	BAA available?	What you can use it for	What you can’t
ChatGPT Free, Plus, Team, Enterprise	No — OpenAI does not sign BAAs for these tiers	De-identified text only: policy summaries, templates, vendor contracts	Anything containing ePHI — names, DOB, MRN, identifiable diagnoses
ChatGPT for Healthcare (OpenAI’s dedicated offering)	Yes	ePHI with proper data residency, audit logs, and customer-managed encryption	Outside the scope of the BAA
Microsoft 365 Copilot (with E3/E5 + BAA)	Yes	Internal documents that may contain ePHI; Office-integrated workflows	Public ChatGPT-tier prompts; anything outside the M365 boundary
Healthcare-specific AI (Abridge, Suki, DAX, Nuance)	Yes, with BAA	Clinical documentation, ambient scribing, EHR-integrated workflows	Use cases outside the vendor’s scope of services
Generic “AI for healthcare” wrappers	Varies — verify before paying	Depends entirely on the BAA they offer	Anything sensitive until you’ve read the data handling terms

The PEAKE AI Lab’s 8-point framework is built specifically for the wrapper-vs-real-tool distinction in the bottom row.

Frequently asked questions

Is ChatGPT HIPAA-aligned for use in a medical practice?

The standard versions are not. OpenAI does not sign Business Associate Agreements for ChatGPT Free, Plus, Team, or Enterprise, which means none of those tiers can be used with ePHI. The only OpenAI offering that supports HIPAA compliance is ChatGPT for Healthcare, a dedicated product with data residency, audit logs, customer-managed encryption, and an available BAA. Microsoft 365 Copilot with the right enterprise license and a signed BAA is another option. For clinical documentation specifically, healthcare-native tools like Abridge, Suki, and DAX support HIPAA compliance through their own BAAs. Practices using the free or consumer-tier versions for anything touching patient data are creating real exposure. HIPAA Journal has the full breakdown.

How does a small practice evaluate which AI tools are worth paying for?

Most AI tools pitched to healthcare practices are wrappers built on general-purpose models, priced at a premium with limited healthcare-specific value. The PEAKE AI Lab evaluates AI tools through a healthcare-first lens. Clinical impact, EHR integration, HIPAA security, implementation, support, financial stability, ease of use, and total cost. The framework helps practice leaders tell the difference between a real tool and a marketing veneer.

See the framework we use to evaluate AI tools

The average independent practice owner gets pitched 15 AI tools a month and can’t tell the wrappers from the real thing. The PEAKE AI Lab walks through the 8-point framework we use to evaluate AI tools for healthcare practices: Clinical Impact, Security & Compliance, EHR Integration, Ease of Use, Implementation, Support, Financial Stability, and Cost/Value. Use it the next time a vendor lands in your inbox.