How to Use AI Without Putting Customer Data at Risk

AI tools are not all the same. What you can safely paste into ChatGPT is very different from what you can safely paste into a HIPAA-eligible scribe with a signed BAA.

Rule of thumb

If you would not email it to a stranger, do not paste it into a public AI tool. That includes:

• Social security numbers
• Full credit card numbers
• Patient health information
• Privileged legal communications
• Bank account and routing details
• Children's personal information

What is generally safe

• Marketing copy and ideas
• Public company information
• Your own SOPs and internal notes (if you're fine with them training a model — check the setting)
• Reviewing your own writing

Turn off training

Most paid tiers let you turn off "model training on your data." Do it. It's usually one toggle.

Pick the right tier for the data

• General work: ChatGPT Plus or Claude Pro with training disabled.
• Health data: Only HIPAA-eligible tools with a signed BAA.
• Legal data: Tools with explicit confidentiality terms — or self-hosted.
• Financial data: Same rule — explicit data protection terms or skip it.

Write a one-page AI policy

Even for a team of three. Cover: which tools are approved, what data is off-limits, who to ask if you're unsure. We can help — that is what the AI Readiness Audit is for.