I don’t where you live. But almost all of bigtech US cloud is problematic (Read: Illegal to use) for storing or processing of Personal information according to the GDPR if you’re based in the EU. Don’t know about HIPPA and other non-EU legislation. But almost all cloudservices use US bigtech as a subprocessor under the hood. Which means that the use of AI and cloud is most likely not GDPR-complaint. Which you could mention to the right people and hope they listen.
Edit: It’s illegal to use for the processing of the patients PII, because of transfer to insecure third countries and because bigtech uses the data for their own purposes without any legal basis.
Edit 2: The same is the case with your, and your colleagues PII.
In my opinion privacy and GDPR is the same in this case. I think most public authorities is required to have a DPO, fx hospitals or the relevant health authority. The DPO can help answer your and your bosses questions on the mentioned questions.
Hope you figure it out.
+1 Kodi. Been running it for ages on an old laptop with a infared remote with USB dongle. Kodi is set to autostart. Pretty hands off and can stream to it from local sources using Kore for android.
EDIT: Can stream from local AND online sources using Kore ex Newpipe (Youtube).