Oracle + Claire

Oracle + Claire AI: OCI AI Services, Oracle OPERA PMS, and Oracle Health (Cerner) Integration

Updated February 202612 min readOCI AI • Oracle OPERA • Oracle Health • Cerner APIs • HIPAA

Key Reference Data

Oracle Cloud Revenue 2024

$19.8B

Oracle Health Cerner Customers

26,000+ orgs

OPERA PMS Market Share

~35% luxury hotels

Oracle HIPAA BAA

Available OCI

Oracle Health (Cerner) Ransomware Attack — 2024 Data BreachIn January 2024, Oracle Health (formerly Cerner) confirmed a data breach involving a legacy Cerner platform that had not yet been migrated to Oracle Cloud Infrastructure. The breach affected multiple hospital customers and potentially exposed patient health records. This incident highlighted two critical points for Oracle Health AI integration: (1) data in legacy Cerner systems (pre-OCI migration) may not have the same security controls as Oracle Cloud, and enterprises must verify which infrastructure their Oracle Health data resides on; and (2) AI systems accessing Oracle Health data must implement equivalent security controls and breach detection capabilities. Oracle Health is actively migrating Cerner customers to OCI — confirm migration status before deploying AI on Oracle Health data.

Section 01

Oracle Cloud Infrastructure AI Services

Oracle Cloud Infrastructure (OCI) provides AI services through: OCI Generative AI (hosted LLMs including Cohere, Llama 2, and Oracle's own models), OCI Language (NLP services for clinical text processing, entity extraction), OCI AI Anomaly Detection, and OCI AI Vision. For healthcare AI, OCI's HIPAA-eligible services (OCI executes HIPAA BAAs) provide the compliance foundation. Claire can be deployed on OCI and configured to use OCI Generative AI as the LLM provider, maintaining the full Oracle Cloud compliance posture for healthcare customers that require all data processing within OCI.

Section 02

Oracle OPERA PMS and Oracle Health (Cerner) Integration

Oracle OPERA is the dominant property management system (PMS) in luxury and large-scale hospitality — used by Marriott, Hilton, IHG, and Four Seasons among others. OPERA Cloud provides REST APIs for property management operations: reservations, room assignments, guest profiles, and billing. Claire integrates with OPERA Cloud via REST API for hospitality AI use cases: guest service AI (answering queries about reservations, facilities, local recommendations), front desk support AI (check-in assistance, upsell recommendations), and revenue management AI assistance.

Oracle Health (formerly Cerner) is one of the largest electronic health record (EHR) systems — used by over 26,000 healthcare organizations. Oracle Health provides FHIR R4 APIs for clinical data access. Claire integrates with Oracle Health via FHIR APIs for clinical AI assistance: clinical decision support, patient documentation assistance, and care coordination AI. All Oracle Health AI deployments require HIPAA BAA with both Oracle Health and Claire.

Checklist

Integration Checklist

OCI HIPAA BAA ExecutionExecute Oracle Cloud Infrastructure HIPAA Business Associate Agreement before processing Protected Health Information in any OCI-hosted system including Claire. OCI's HIPAA BAA is available through Oracle's contracts team and covers eligible OCI services. Document BAA execution date and covered services in your HIPAA compliance records.
Oracle Health FHIR API AuthenticationConfigure Oracle Health FHIR API access for Claire: register as an authorized application in Oracle Health's developer portal, obtain SMART on FHIR OAuth credentials, configure required FHIR scopes (patient read, observation read, condition read — minimum required for clinical AI use case), and implement FHIR audit logging. Oracle Health's FHIR APIs implement SMART App Launch for secure clinical application authentication.
OPERA Cloud API ConfigurationConfigure Oracle OPERA Cloud API access for Claire: create OPERA Cloud API integration user with minimum required roles (Reservations, Cashiering read — no administrative access), configure OAuth 2.0 client credentials, implement OPERA API rate limit compliance (Oracle OPERA has strict rate limiting on cloud APIs), and test all required endpoints in OPERA Cloud sandbox before production.
OCI IAM Policy for ClaireConfigure OCI Identity and Access Management (IAM) policies for Claire service principal: create OCI Dynamic Group for Claire instances, create IAM policy granting access to specific OCI resources (OCI Generative AI, OCI Language, relevant object storage buckets), apply principle of least privilege, and enable OCI Audit service for Claire's OCI API calls.
Oracle Health Clinical Data HIPAA ControlsFor clinical data AI using Oracle Health: configure minimum necessary data access (only retrieve the specific FHIR resources required for the AI use case), implement PHI field masking in AI logs (never log PHI in plain text in AI interaction logs), configure audit logging of all FHIR API access for HIPAA audit purposes, and ensure Claire's HITL gates are enabled for all clinical decision support outputs.
OPERA Guest Data PCI and GDPR ControlsFor hospitality AI using OPERA guest data: never pass payment card data (PAN, CVV) to Claire AI — OPERA CLOUD stores payment data in its PCI-compliant vault, which is not accessible via standard API. GDPR applies to EU guest profiles — configure data minimization (pass only required guest data fields for specific AI interaction), execute GDPR DPAs with Oracle and Claire for EU guest data, and implement consent-aware processing.
OCI Network Security for AI IntegrationConfigure OCI network security for Claire integration: deploy Claire in OCI VCN (Virtual Cloud Network) for network isolation, configure Security Lists and Network Security Groups restricting traffic to/from Oracle systems, use OCI Service Gateway for routing OCI API calls within OCI network without internet transit, and enable OCI Flow Logs for network traffic auditing.
Oracle Health Clinical AI Disclaimer RequirementsConfigure Claire to include required clinical disclaimers in all Oracle Health clinical AI outputs: 'This AI-generated information is for clinical decision support purposes only and must be reviewed by a licensed healthcare provider before clinical application.' HITL gate must be enabled for all clinical suggestions — no automated clinical actions are permitted without physician/clinician review and approval documented in the patient record.

FAQ

Frequently Asked Questions

Does Oracle provide HIPAA BAAs for OCI and Oracle Health?

Yes. Oracle executes HIPAA Business Associate Agreements (BAAs) for Oracle Cloud Infrastructure (OCI) services and for Oracle Health (Cerner) systems. For OCI: the BAA is available through Oracle's sales and contracts team; it covers HIPAA-eligible OCI services (Compute, Storage, Database, OCI Generative AI). For Oracle Health: Cerner/Oracle Health executes a BAA as part of its standard EHR customer agreements. Claire's HIPAA BAA covers Claire's processing of PHI accessed via Oracle Health APIs. All three BAAs should be in place before deploying clinical AI.

What are Oracle OPERA Cloud's API capabilities for hospitality AI?

Oracle OPERA Cloud provides REST APIs for: Reservation management (create, modify, cancel reservations), Guest profiles and preferences, Room and rate availability, Cashiering and billing, Housekeeping management, and Reporting and analytics. The OPERA Cloud REST API uses OAuth 2.0 authentication. APIs are subject to rate limiting — production deployments require Oracle OPERA Cloud API license. Claire's OPERA integration enables guest service AI, front desk support, and revenue optimization AI within the OPERA system.

How does Claire access clinical data from Oracle Health (Cerner)?

Claire accesses Oracle Health (Cerner) clinical data via FHIR R4 APIs. Oracle Health provides a FHIR API endpoint that implements the HL7 FHIR R4 standard — the same API standard used across major EHR systems (Epic, Meditech). Authentication uses SMART on FHIR OAuth (SMART App Launch Framework). Clinical resources accessible: Patient, Observation (lab results, vitals), Condition (diagnoses), MedicationRequest, Encounter, and CareTeam. Claire retrieves minimum necessary clinical data for each AI use case and does not persist clinical data beyond the AI interaction session.

What happened in the Oracle Health (Cerner) 2024 data breach and how does it affect AI deployments?

In January 2024, Oracle Health disclosed a breach of a legacy Cerner data transfer environment that had not been fully migrated to Oracle Cloud Infrastructure. Patient data from multiple hospital customers was potentially accessed. The breach occurred in pre-migration infrastructure, not in Oracle Cloud. For AI deployments: verify that the Oracle Health environment you are integrating with is on OCI (post-migration), not on legacy Cerner infrastructure. OCI-hosted Oracle Health has stronger security controls. Oracle has committed to completing all Cerner customer migrations to OCI by 2025.

How does Claire support Oracle OPERA for GDPR-compliant hospitality AI?

Claire's Oracle OPERA integration includes GDPR controls for guest data: consent-aware processing (check OPERA guest marketing consent before personalizing AI recommendations), data minimization (pass only required guest profile fields for each AI interaction), right to erasure propagation (guest deletion in OPERA triggers Claire session data deletion), and EU data residency (Claire's EU-region deployment handles EU guest data without trans-Atlantic transfer). For hospitality properties in the EU/UK, Claire provides the GDPR DPA and data flow documentation for the OPERA integration.

Deploy AI on Oracle Systems With Compliance Built In

Book a demo to see Claire's Oracle OPERA, Oracle Health Cerner, and OCI AI integration with HIPAA and GDPR compliance.

Book a Demo See How It Works