It's a normal Tuesday. Your front-desk coordinator has a delicate email to answer, so she pastes it into a free AI chatbot and asks for a polite draft. The reply comes back warm, clear, and done in ten seconds. Nobody was careless. Nobody broke a rule they knew about. And a piece of protected client information just left your practice — copied onto a company's servers you've never signed anything with.
That's the whole problem in one scene. The tools are genuinely useful, so your staff reach for them, and the data goes along for the ride. The answer is almost never "ban AI" — you'd lose a real productivity gain and your team would just do it quietly anyway. The answer is knowing where the data goes, and putting a few simple guardrails on the paths that matter. This guide walks the common paths, what the law actually asks of you in plain terms, and a short fix pattern you can start this week.
The four ways data slips out
These are the leaks I see most often. None of them involve a bad actor. Every one is an ordinary person doing their job with a helpful tool.
1. Pasting client text into a free chatbot
Someone drops a patient message, an intake form, or a claim note into a free consumer AI tool to summarize or reply.
Where it goes: onto that company's servers. On free and personal tiers, that text may be retained and, depending on the product's settings, used to improve their systems. Why it matters: once it's there, you can't get it back, and you have no agreement governing how they handle it.
2. AI features quietly switched on inside tools you already use
Your email, your video calls, your note-taking app — many now have an AI helper that summarizes, transcribes, or autocompletes. A meeting transcriber that joins a call with a client is a recording device you may not have thought of as one.
Where it goes: to whichever vendor powers that feature, sometimes a different company than the app itself. Why it matters: the data left the building without anyone choosing to send it — the feature was just on by default.
3. Personal accounts standing in for business ones
A staff member uses their own free login for a tool instead of a business account the practice controls.
Where it goes: the same product, but under consumer terms — often with weaker privacy commitments and no way for you to manage or delete the data. Why it matters: the paid business tier of the exact same tool frequently offers the protections you need; the personal tier of it usually does not.
4. Browser add-ons that read the whole screen
A free "AI assistant" browser extension promises to help with any page. To do that, it can read everything on screen — including your practice-management system, open charts, and client records.
Where it goes: to the extension maker, who is often a small unknown company. Why it matters: this is the widest, quietest path of the four, because it sees whatever the employee sees, all day.
What the rules actually ask of you
Here's the part that surprises people: HIPAA does not tell you to ban new technology. In plain terms, it asks three reasonable things.
- Know where client information flows. You can't protect data whose path you can't describe. Most of the risk hides in paths nobody has mapped.
- Have an agreement with any vendor that touches it. When an outside company handles protected information on your behalf, you're expected to have a contract where they promise to protect it — the formal name is a Business Associate Agreement, but it's really just "the vendor signed something committing to handle this properly."
- Be able to show your reasoning. Not a perfect system — a documented, sensible one. You decided what's allowed, you wrote it down, and you review it. That posture is what a security review is built to align with (the recognized federal guide for it is NIST SP 800-66).
A note on what this is: I'm an engineer who maps where data goes and points out the gaps. This is not legal advice, and it doesn't replace your compliance counsel — it's the practical, technical half of the picture.
The fix pattern
You don't need a project or a consultant to start. You need to work five steps, in order. The first two cost nothing but attention.
- Find out what's actually in use. Ask your team, without blame, which AI tools they use and what they paste in. You'll learn more in one honest conversation than in any policy.
- Decide the allowed list. Pick the tools you'll support and the ones you won't. A short "yes" list is easier to follow than a long list of "don'ts."
- Put anything that touches client data on a business tier — with an agreement. Upgrade from personal to business accounts, and get the vendor's agreement in place for those. This is where most of the real exposure closes.
- Write one page of rules your staff will actually read. Plain language, a few do's and don'ts, one example. If it's longer than a page, it won't get read, and unread rules protect no one.
- Check it twice a year. New tools appear and features turn on by themselves. A short recheck every six months keeps the map current.
You're not trying to make AI risk zero. You're trying to move from "we have no idea where our client data goes" to "we know, we decided, and we can show it."
That shift — from unknown to mapped-and-chosen — is most of the protection, and every step above is something a practice can do without a technical team.
Tim Downs Mullen spent 25 years building and certifying software in places where a mistake isn't an inconvenience — avionics, defense, and healthcare. He now helps practices and professional firms adopt AI without losing track of where their client data goes, using the same audit-trail discipline used to certify flight software. He is the founder of HIPAAPath.