Staff Using Free AI Tools With Patient Data? The Policy Your Dental Practice Needs (2026)
By Dolev Arama · Updated June 2026
Almost certainly, and the fix is a one-page rule. Most free AI tools will not sign a Business Associate Agreement, so the moment a staff member pastes a patient's details into one, the practice has made an impermissible disclosure under 45 CFR § 164.502(a). HIPAA already requires the written policy, the training, and the sanctions that prevent it. Here is what that policy needs to say.
Picture the quiet version of a data breach. Your front-desk coordinator is behind on recall letters, so she pastes a list of patient names into a free chatbot and asks it to draft the wording. No hacker, no ransom note, nothing on the news. Under HIPAA, the upload itself is the disclosure: patient information just left your practice for a company that owes your patients nothing. In survey after survey, most healthcare workers admit to using exactly these tools for work.
Why this lands on the owner's desk
Security teams call it shadow AI: staff using AI tools the practice never approved, usually with good intentions and on personal accounts. The numbers say it is the norm, not the exception. Netskope's research, reported in April 2026, found 71% of healthcare workers still using personal AI accounts for work, down from 87% a year earlier but nowhere near zero. A Black Book survey of 228 U.S. health-system employees found 58% of frontline staff using generic tools like ChatGPT, Gemini, or Copilot at least monthly, and 17% of those users admitting that identifiable patient information sometimes goes in. The warning is coming from inside dentistry too: dental IT providers now publish explicit alarms about staff feeding patient data to free AI tools.
Two facts turn that habit into the owner's problem. First, the violation belongs to the practice, not the employee: a covered entity must ensure compliance by its workforce (45 CFR § 164.306(a)(4)), so a well-meaning shortcut by your assistant is your disclosure. Second, there is no consumer tier to buy your way out with. OpenAI signs Business Associate Agreements only for sales-managed enterprise and education plans and qualifying API arrangements, never for the free, Plus, or Team tiers, so a staff member's paid personal ChatGPT login is the same consumer product with a credit card attached. Whether ChatGPT itself can ever be HIPAA compliant in a dental practice is a question we took apart separately; this guide is about the people using it.
What HIPAA already requires from a five-person office
None of the obligations below were written for AI. All of them were written for exactly this shape of problem: a workforce member, a shortcut, and patient data leaving the building.
- A default of no. 45 CFR § 164.502(a) sets the Privacy Rule's baseline: patient information is not used or disclosed unless a rule permits it. A chatbot with no BAA is not a permitted destination, full stop.
- Training, scaled to the job. § 164.530(b)(1) requires training every workforce member on your policies, as necessary and appropriate for their role. A documented ten-minute staff meeting on the AI line qualifies.
- Sanctions you actually apply. § 164.530(e)(1) requires appropriate sanctions against workforce members who break the rules, with each application documented. The Security Rule repeats the demand for electronic data at § 164.308(a)(1)(ii)(C).
- The policies themselves, in writing. § 164.530(i) requires written policies and procedures, kept current. On the security side, § 164.308(a)(5)(i) adds a security awareness and training program for the whole workforce, management included.
- Someone whose job it is. § 164.530(a)(1) requires a designated privacy official. In a solo practice that is usually the owner or the office manager; the title matters less than the designation being written down.
The $62,500 case where the missing policy was cited by name
In March 2022, OCR announced a $62,500 settlement with Northcutt Dental-Fairhope, LLC, a dental practice in small-town Alabama with about 17 employees. In 2017 the owner ran for state senate and handed his campaign manager an Excel spreadsheet with the names and addresses of thousands of patients; campaign letters went out addressed "Dear Valued Patient." The next spring, a campaign email reached 5,385 patients, sent through the practice's own marketing vendor.
OCR's resolution agreement lists four findings, and the quiet two should worry a practice owner more than the loud two. The loud findings are the disclosures themselves, both cited under § 164.502(a). The quiet findings are the paperwork: the practice did not designate a privacy official until late 2017 (§ 164.530(a)) and had no written policies and procedures at all until 2018 (§ 164.530(i)). The missing documents carry their own section numbers in the federal record, right next to the disclosures.

Northcutt was not an AI case, and it was not a rogue-employee case: the disclosure decision came from the owner himself. That is exactly why it matters here. OCR needed no hacker, no breach report, and no bad intent. It needed patient data going to an outside party no rule permitted, and a practice that could not produce the policy that should have stopped it. Finding B is the sharpest edge for the AI question: the marketing vendor was a company the practice already worked with, and the disclosure was still impermissible because it served purposes outside the service arrangement in place. Swap "campaign emails through the marketing vendor" for "patient list into a free chatbot" and the legal shape is identical: a familiar tool, fed patient data for a purpose no agreement covers.
The corrective action plan is the most useful page in the file, because it is OCR writing out the policy program it expects from a 17-person practice: written policies covering uses, disclosures, and training, submitted for federal approval; every workforce member documented as having read and understood them before touching patient data; new hires trained within 14 days; violations investigated, sanctioned, and reported. You can wait for OCR to install that machinery for you, at $62,500 plus two years of supervision, or you can build the one-page version yourself this month.
Most owners cannot say today which of those documents their practice could actually produce. The free HIPAA Risk Scorecard checks the 10 areas OCR investigators ask about first, written policies and staff training included, then sends a short written review of your top gaps and an intro to a vetted specialist if you want one. About three minutes.
The five parts of a staff AI-use policy that holds
1. The hard line: no patient information in any AI tool without a BAA
One sentence carries most of the weight: no patient information, in any form, goes into any AI tool unless the practice has a signed Business Associate Agreement covering that exact tool and has approved it in writing. Then define patient information the way staff actually meet it: names, photos, x-rays, chart notes, schedules, insurance details, voicemail transcripts, and any story specific enough to identify someone even with the name removed. Give the team a test they can remember: if you would not post it on the practice's public Facebook page, it does not go into a chatbot.
Spell out that the line covers personal devices and personal accounts. The disclosure happens where the data goes, not whose phone it left from, and the surveys above show personal accounts are precisely where the habit lives.
2. The sanctioned lane: what staff may use, and for what
A policy that only says no will lose to the time pressure that sent staff to AI in the first place; the survey data shows people reach for these tools to work faster, not to misbehave. So give the lane. AI is fine for work with zero patient information in it: blank consent templates, job postings, a recall letter with placeholder fields, supplier emails, patient-education drafts about procedures in general. And if the practice adopts a tool that is allowed to touch patient data, name it in the policy as the approved channel. An ambient scribe with a signed BAA is the usual first case, and how to vet an AI scribe before it hears a patient is its own five-question test.
One honest warning belongs in the policy text: "I removed the name" is not de-identification. HIPAA's standard (45 CFR § 164.514) requires stripping 18 categories of identifiers or a formal expert determination, and a detailed clinical story can identify a patient with no name attached. For day-to-day use, the workable rule is fictional placeholders, never lightly edited real cases.
3. Training that fits a staff meeting
§ 164.530(b) does not demand a seminar. It demands that every workforce member is trained on your policies, appropriately for their role, and that you can prove it happened. Ten minutes at a staff meeting covers the AI rule: what counts as patient information, the no-BAA line, the approved lane, and who to tell when something slips. Have everyone sign a one-line acknowledgment with the date. New hires get the same ten minutes in their first week, before they touch patient data, which is exactly the sequencing OCR wrote into Northcutt's corrective action plan.
4. Sanctions you can defend
The rule asks for appropriate sanctions, which means graduated and documented, not theatrical. A workable scale: a documented conversation for a first slip with no patient harm, a written warning plus retraining for a repeat, and termination on the table for knowing or repeated disclosure. Two things matter more than severity. The scale is written into the policy before anyone violates it, and every application is documented, because § 164.530(e)(2) requires the record. An owner who quietly forgives the first incident has, on paper, no sanctions program at all.
5. The response path: what happens when someone slips anyway
Assume a slip. The policy's last section tells staff to report it the same day, with no punishment for the reporting itself, because silence is the expensive version. The practice then documents exactly what was entered and where, and runs a breach risk assessment to judge whether notification duties start. Some incidents are defensibly low risk; an identifiable patient record pasted into a tool that trains on its inputs usually is not. The mechanics of that assessment, and the 60-day notification clock behind it, are covered in what to do when a dental practice has a data breach.
Put it in force this week
1. Designate your privacy official in writing if you never have: the owner or office manager, one sentence, signed and dated. Northcutt's missing designation was a cited finding on its own. Ten minutes.
2. Write the five parts above in your own plain language: the hard line, the approved lane, training, sanctions, and the report-it path. One page that gets read beats a binder that gets shelved. About an hour.
3. Ask every team member which AI tools they have touched for work in the past month, personal phones included. No blame attached; you are finding out where patient data may already be going. Fifteen minutes at a staff meeting.
4. Walk the page at the same meeting, take the edge-case questions, and have everyone sign and date a one-line acknowledgment. That signature stack is your training documentation under § 164.530(b). Ten minutes.
5. Add staff AI use to your risk analysis as an identified risk, with the policy as the control, and date the update. If your last risk analysis predates ChatGPT, it describes a practice you no longer run.
Step five is where the policy connects to the document OCR asks for first in nearly every investigation. What a compliant dental risk assessment involves is covered separately, and the short answer is that a one-page AI policy is one of the cheapest controls it will ever list.
The catch
Three complications deserve a line in the policy or a note on your calendar.
- AI is arriving inside tools you already trust. Practice-management systems, imaging software, and email platforms add AI features by quiet update. The policy line: a new AI feature inside an approved tool still needs a yes before patient data flows through it, because the BAA you signed may not cover the new processing.
- State law is adding its own layer. A growing number of states are legislating AI in healthcare separately from HIPAA. This article covers the federal floor; if your state has its own AI or privacy statute, the policy deserves a counsel check before you rely on it.
- The Security Rule overhaul is still pending. The update proposed in January 2025 would tighten the technical side of everything here, but as of June 2026 no final rule has been issued and the current Security Rule remains the law. Write the policy against today's rules, date it, and revisit it when OCR finalizes.
The bottom line
Free AI in a dental practice is a people problem before it is a technology problem, and HIPAA solved the people problem decades ago: a written rule, ten minutes of documented training, sanctions with dates on them, and one person whose job it is. Northcutt Dental paid $62,500 in a case where the missing paperwork was cited by section right next to the disclosures. The one-page version costs you an afternoon, and it is the difference between an employee's mistake and a federal finding.
Not sure what your practice would show if someone asked tomorrow? The free HIPAA Risk Scorecard asks ten yes/no questions about how your practice handles patient data, scores you out of 100, then sends a short written review of your top gaps and an introduction to a vetted specialist if a referral makes sense. About three minutes.
This is general information, not legal advice. Hipsana is not a law firm, a compliance officer, or a healthcare provider. Verify current requirements with HHS or qualified counsel before acting.
About the author
Dolev Arama is the founder of Hipsana, where he runs the HIPAA Risk Scorecard and the short practice risk reviews behind it. He is not an attorney, and Hipsana is a publisher and referral service, not a law firm or a healthcare provider. Its compliance writing starts from primary regulators (HHS, OCR, NIST) and is checked against their current text before anything goes live.
Sources
- HHS Office for Civil Rights, Resolution Agreement and Corrective Action Plan, Northcutt Dental-Fairhope, LLC, HHS Transaction No. 18-304734 (signed March 8, 2022; announced March 28, 2022).
- HHS Office for Civil Rights, "Four HIPAA enforcement actions hold healthcare providers accountable with compliance" (March 28, 2022).
- 45 CFR § 164.502(a) and (e); § 164.514; § 164.530(a), (b), (e), (i); § 164.306(a)(4); § 164.308(a)(1)(ii)(C) and (a)(5)(i) (eCFR, current).
- OpenAI published documentation: Business Associate Agreements limited to sales-managed ChatGPT Enterprise and Edu plans and qualifying API arrangements; none offered on Free, Plus, or Team tiers (as referenced June 2026).
- Netskope Threat Labs healthcare findings, as reported by Medical Economics (April 2026): 71% of healthcare workers using personal AI accounts for work.
- Black Book Market Research survey of 228 U.S. health-system employees (December 2025), as reported by Managed Healthcare Executive (June 2026): 58% of frontline staff use generic AI tools at least monthly; 17% of those users sometimes or often include identifiable patient information.
- Reuben Kamp (Darkhorse Tech), "AI Threat? Is Your Staff Using Free AI Tools With e-PHI?", Open Dental Blog (February 2026).
- Federal Register, HIPAA Security Rule NPRM, January 6, 2025 (RIN 0945-AA22).
Frequently asked questions
Can my staff use ChatGPT at all, or is it banned in a dental office?
They can use it for work that contains zero patient information: blank templates, job postings, generic patient-education drafts, supplier emails. HIPAA does not ban tools; it bans patient information going where no agreement protects it. The policy's job is to draw that line in writing and to name an approved alternative for work that does involve patient data.
A staff member pays for ChatGPT Plus. Does a paid account make it compliant?
No. OpenAI offers a Business Associate Agreement only on sales-managed enterprise and education plans and qualifying API arrangements, not on the free, Plus, or Team tiers. A personal paid login is the same consumer product with a subscription attached, so patient information still may not go into it.
Someone already pasted patient details into a free AI tool. Do I have to fire them?
Not necessarily, and a panic firing is the wrong first move. Apply the sanction your written policy sets for a first incident, document it, and run a breach risk assessment on what was disclosed, because notification duties may apply. If you have no written policy yet, that gap is the bigger finding. What an investigator wants to see is a documented, proportionate response, not a dramatic one.
Does a verbal "don't put patient stuff in ChatGPT" count as a policy?
No. HIPAA requires policies and procedures in writing (45 CFR § 164.530(i)) and documented training on them (§ 164.530(b)). The same instruction, written on one page and signed and dated by your team, is the difference between a rule and a rumor. Northcutt Dental's missing written policies were a federally cited finding in a $62,500 settlement.
What if we only use AI with the patient names removed?
Removing a name is not de-identification under HIPAA. The standard at 45 CFR § 164.514 requires stripping 18 categories of identifiers or obtaining a formal expert determination, and a detailed clinical story can identify a patient by itself. For routine use, fictional placeholder details are the safe version; truly de-identified data is achievable, but it is a project, not a habit.
How do I find out whether staff AI use is my only gap?
It almost never is; AI enters a practice through the same doors OCR checks first, like training, written policies, and vendor agreements. The free HIPAA Risk Scorecard asks ten yes/no questions about how your practice handles patient data, scores you out of 100, and ends with a short written review of your top gaps, plus an intro to a vetted specialist if a referral makes sense.