AI for Clinical Notes: What's Actually HIPAA Safe and What Isn't
May 2026
The stakes are real, the tools are unevenly safe, and the workarounds are simpler than you think.
A solo family physician types a patient's date of birth and chief complaint into chat.openai.com to finish a SOAP note between appointments. That input is the violation.
Researchers at the USC School of Public Policy published a paper with a title that should get every clinician's attention: "Why doctors using ChatGPT are unknowingly violating HIPAA."
Not might be violating. Unknowingly violating.
This is not a theoretical concern. This is what's actually happening when physicians and therapists type patient information into standard consumer AI tools — often without realizing the exposure they're creating.
Why Standard ChatGPT Is Risky for Clinical Data
Standard ChatGPT — the version at chat.openai.com without a Business Associate Agreement — stores your conversations. Historically, OpenAI has used conversation data to improve its models, though users can opt out of training. But the opt-out and the storage are two different things. Your conversations are sitting on OpenAI's servers by default.
When you type a patient's name, date of birth, diagnosis, or treatment details into that interface, you've created a record containing protected health information outside of a HIPAA-covered system. There's no BAA governing it. No breach notification requirements. No audit trail your compliance officer can review.
That's the violation — not the AI output, but the input you sent to get it.
The same applies to standard Claude, standard Gemini, and most free-tier AI tools. The consumer versions are not designed for healthcare data. They were not built with HIPAA in mind, and they haven't signed agreements that make them HIPAA-eligible business associates.
The De-Identification Test You Can Run Right Now
Before the full breakdown: take the last AI prompt you used for clinical work. How many of the 18 HIPAA Safe Harbor identifiers did it contain? Name, date, zip, medical record number — any of those make it a violation regardless of what tool you used or whether you opted out of training. Run the checklist below against it. That answer is more important than reading the rest of this article.
What "De-Identified" Actually Means (and Doesn't Mean)
There's a workaround that genuinely helps: complete de-identification before you touch the keyboard.
HIPAA's Safe Harbor standard identifies 18 categories of information that must be removed before data is considered de-identified: names, geographic data, dates (including birth dates and admission dates), phone numbers, email addresses, Social Security numbers, medical record numbers, account numbers, diagnoses when combined with identifying details, and more.
If you strip all of that before typing — referring only to "the patient" with no identifiers whatsoever, describing a clinical scenario in the abstract — you've meaningfully reduced your exposure. You're no longer putting PHI into a non-covered system.
This isn't a perfect solution. You're still working around a system that wasn't designed for your use case. But for clinicians who want to use AI to improve a note template, think through a clinical decision, or draft a patient communication, full de-identification gives you a path that doesn't require a premium subscription.
Pre-flight de-identification checklist — run this before any consumer AI use:
- Name removed (patient, family members, referring providers)
- Geographic data removed or generalized (no city, ZIP, street — "rural Midwest" is fine; "Springfield, IL 62704" is not)
- Dates removed or generalized (no birth date, admission date, service date — "patient in their early 60s" is fine)
- Phone numbers removed
- Fax numbers removed
- Email addresses removed
- Social Security numbers removed
- Medical record numbers removed
- Health plan beneficiary numbers removed
- Account numbers removed
- Certificate or license numbers removed
- Vehicle identifiers and serial numbers removed
- Device identifiers removed
- Web URLs removed
- IP addresses removed
- Biometric identifiers removed
- Full-face photographs or comparable images removed
- Any other unique identifying number or code removed
If all 18 categories are clear, you've met HIPAA's Safe Harbor standard. You're not in a covered system — but you're no longer putting PHI into one either.
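As an added example, not code from the article or from any vendor named in it, here is a small Python pre-flight scanner for the pattern-shaped categories in the checklist above, run on a constructed, fictional note. It flags dates, phone or fax numbers, email addresses, SSNs, record or account numbers, ZIP codes, URLs and IP addresses, redacts them into bracketed tags, and deliberately shows that a patient name still slips through, because names have no reliable pattern and the manual read remains mandatory.

```python
import re

# Pattern-detectable Safe Harbor categories. Names, geographic words, biometrics and
# photos have no reliable regex, so this gate errs toward flagging and never certifies.
PATTERNS = {
    "date": re.compile(
        r"\b(?:\d{1,2}/\d{1,2}/\d{2,4}|\d{4}-\d{2}-\d{2}"
        r"|(?:jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)[a-z]* \d{1,2},? \d{4})\b", re.I),
    "phone_or_fax": re.compile(r"(?<!\d)(?:\(\d{3}\)\s?|\d{3}[-.\s])\d{3}[-.\s]\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "record_number": re.compile(  # MRN, account, plan or policy numbers: label plus a digit-bearing token
        r"\b(?:MRN|MR#|Acct|Account|Member ID|Policy)\s*[:#]?\s*(?=[A-Z-]*\d)[A-Z0-9-]{5,}\b", re.I),
    "zip": re.compile(r"\b\d{5}(?:-\d{4})?\b"),
    "url": re.compile(r"\b(?:https?://|www\.)\S+", re.I),
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}

def scan_prompt(text: str) -> dict[str, list[str]]:
    """Return {category: [matches]} for every Safe Harbor pattern that fires on the draft."""
    hits = {}
    for category, pattern in PATTERNS.items():
        found = pattern.findall(text)
        if found:
            hits[category] = found
    return hits

def is_cleared(text: str) -> bool:
    """True only when no pattern fires; a True result still needs the manual name/geography pass."""
    return not scan_prompt(text)

def redact(text: str) -> str:
    """Replace each hit with a bracketed category tag so the draft can be fixed before pasting."""
    for category, pattern in PATTERNS.items():
        text = pattern.sub(f"[{category.upper()}]", text)
    return text

# Constructed sample prompts (fictional patient; not taken from the article).
RAW_NOTE = ("Pt John Doe, DOB 03/14/1961, MRN 00457812, seen 2026-05-02 for chest pain. "
            "Lives in Springfield, IL 62704. Cell (217) 555-0142, email jdoe@example.com.")
CLEAN_NOTE = ("Patient in their early 60s, rural Midwest, seen for chest pain. "
              "Help me tighten the assessment section of this SOAP note template.")

if __name__ == "__main__":
    for cat, found in scan_prompt(RAW_NOTE).items():
        print(f"BLOCK  {cat:14s} {found}")
    print(redact(RAW_NOTE))  # 'John Doe' survives: names need the manual pass
    print("clean note cleared:", is_cleared(CLEAN_NOTE))
```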
The full de-identification workflow — including where the 18-category checklist breaks down on complex notes and the prompt structure that keeps PHI out of every session by default — is in Claude for Solo Clinicians ($29).
Tools That Are Actually Built for This
The safer route is using tools that have signed a Business Associate Agreement — which contractually binds them to HIPAA safeguards and makes them a legal business associate under the law.
A few examples worth knowing:
Freed AI is purpose-built for clinical documentation. It listens to patient encounters and generates structured notes, and it operates under a signed BAA. It's the tool getting the most word-of-mouth among primary care physicians right now.
Nuance DAX (Dragon Ambient eXperience) is the enterprise option — deployed in large health systems, embedded into EHR workflows, well-established in the market. More setup, more cost, more integration.
ChatGPT for Healthcare launched January 8, 2026, with HIPAA compliance architecture and BAA support. It deployed initially at major health systems including Cedars-Sinai, HCA Healthcare, and Stanford Medicine Children's Health. It's a different product from the consumer version — not just a permissions toggle, but a separate offering with different data handling. (Source: OpenAI, https://openai.com/index/openai-for-healthcare/)
The common thread: a signed BAA makes the vendor a business associate under HIPAA and creates the legal framework for handling PHI. Without it, you're operating outside that framework regardless of what the tool's marketing says.
The Stakes Are High in Both Directions
Forty-two percent of U.S. physicians were using AI documentation tools by mid-2025. That number is moving fast. And the reason is real: documentation burden is one of the primary drivers of clinician burnout.
A 2025 study published in JAMA Network Open (Olson et al., Yale School of Medicine) tracked 263 physicians across six health systems who began using ambient AI scribing tools. After 30 days, burnout rates dropped from 51.9% to 38.8%. That's a meaningful reduction in a metric that correlates with worse patient outcomes, higher attrition, and shorter careers.
So the question isn't whether AI documentation tools are worth using. For many clinicians, they clearly are. The question is which ones, in which configurations, with what safeguards in place.
Using the wrong tool — especially one without a BAA — exposes you to HIPAA violations that can carry fines from $100 to $50,000 per violation, plus reputational consequences in an environment where patient trust is your entire foundation.
Getting this right matters in both directions: ignoring AI documentation tools costs you; using the wrong ones costs you differently.
The Practical Path Forward
If you're not ready to pay for a dedicated tool, de-identify completely before using any consumer AI. No names. No dates. No identifiers. Use it to improve your note structure, your templating, your language — not to process actual patient data.
If you're evaluating paid tools, start with whether they offer a signed BAA. Ask to see it. If the vendor can't produce one or isn't sure what you're asking for, that tells you what you need to know.
And if you're in a group practice or institutional setting, loop in your compliance team before deploying any AI tool for documentation. The liability runs through the organization, not just the individual clinician who chose the tool.
The technology is genuinely useful. The compliance landscape is genuinely real. Both are true — and navigating them together is the actual job.
This article covers the three HIPAA failure modes. It doesn't cover the de-identification workflow in practice (where the 18-category checklist breaks down on complex notes), the BAA audit process (how to verify a vendor's agreement actually covers your use case), or the prompt structure that keeps PHI out of every session by default. That's Guide 04.
Mark Reeves is a pen name. AI Field Guide publishes role-specific, practical guides for using AI tools in real work.