AI and HIPAA: How to Save Time Without Risking Your Practice

Post Last Updated: June 2026

TL;DR: The Golden Rule of AI & HIPAA: “If you wouldn’t post it on a billboard, don’t paste it into ChatGPT.” Unless you have a signed Business Associate Agreement (BAA) with an AI vendor, you must assume that everything you type into the chat box is being read, stored, and used to train the system. When in doubt, keep client data out.

If you run a private practice, you know the drill: HIPAA (Health Insurance Portability and Accountability Act) is the federal law designed to protect Protected Health Information (PHI). But in 2026, complying with HIPAA isn’t just about locking filing cabinets or using a secure email server.

We are living in the age of AI. Tools like ChatGPT and automated schedulers are revolutionizing how we run businesses, promising to save us hours of admin time. But there is a friction point: HIPAA was built for a world of paper records and locked doors. AI is “probabilistic”—it guesses, it predicts, and crucially, it learns.

As a web designer who works exclusively with private practice owners, I see the backend of many businesses. I’ve watched the shift from simple contact forms to complex AI integrations, and I’ve seen how easy it is to accidentally cross a line you didn’t know was there.

Before you integrate that new “time-saving” tool, you need to understand the new rules of the road. Here is everything you need to know about navigating the intersection of AI and HIPAA without putting your license—or your clients—at risk.

HIPAA and Why It Matters in the Age of AI

PHI isn’t just a diagnosis. It’s any piece of information—a name, an IP address, or even a session date—that can be linked to an individual’s health status.

HIPAA was built for a “deterministic” world (where input A always leads to output B). But Artificial Intelligence is “probabilistic.” It guesses, it predicts, and it learns.

When you introduce AI into your practice, you are introducing a system that devours data to get smarter. If that data is your client’s private history, you are walking a regulatory tightrope. With the January 2025 updates to the HIPAA Security Rule, the government has made it clear: encryption and strict access controls are no longer optional “addressable” features; they are requirements.

Is ChatGPT HIPAA Compliant for Private Practices?

No, standard ChatGPT is not HIPAA compliant because it saves user inputs to train its public models and refuses to sign a Business Associate Agreement (BAA).

Just because a tool is popular doesn’t mean it’s safe. Most general-use AI platforms (like standard ChatGPT, Claude, or Gemini) state in their terms of service that they use input data to train their models. If you feed a client’s trauma or health history into a public chatbot, that data potentially becomes part of the brain of the AI, technically accessible to others.

To be compliant, you must verify that the AI vendor will sign a Business Associate Agreement (BAA). This is a legally binding contract where the vendor promises to protect PHI and—most importantly—promises not to use your data to train their public models. If they won’t sign a BAA, they aren’t for you.

Using AI in a Clinical Setting

As a web designer who helps health practitioners and therapists build out their online presence, I see the backend of many systems. The risks I see aren’t usually malicious; they are accidental.

Data Leakage and “Shadow AI”: This happens when well-meaning staff use unapproved AI tools to speed up work. For example, using a random browser extension to record a telehealth session. If that extension sends audio to a non-compliant server, you’ve breached HIPAA.

Hallucinations Impacting Integrity: AI “hallucinates,” meaning it confidently invents facts. If an AI scribe invents a diagnosis that you didn’t say, and that gets into the Electronic Health Record (EHR), you have corrupted the integrity of the medical record. This creates liability for malpractice and false claims.

The “Mosaic Effect”: You might think, “I removed the client’s name, so it’s safe.” Not necessarily. AI is powerful enough to cross-reference anonymized data with public datasets (like voter rolls or social media) to re-identify individuals. This is called the Mosaic Effect, and it renders simple “name scrubbing” insufficient.

Common Mistakes Private Practice Owners Make with AI

1. The “Pixel War” Trap: Using Tracking Pixels on Social and Websites

The FTC and the Office for Civil Rights (OCR) have recently cracked down on tracking pixel use in healthcare—and the financial consequences have been significant. In the landmark case Kaiser Foundation Health Plan, Inc. v. Plaintiffs (consolidated class action, reported to HHS April 2024), Kaiser Permanente agreed to pay $47.5 million to settle allegations that tracking pixels from Google, Microsoft (Bing), X (formerly Twitter), Adobe, and Quantum Metric transmitted patient IP addresses, search terms, and navigation patterns—including activity inside authenticated patient portals—to third parties without consent. The breach affected 13.4 million individuals, making it the second-largest healthcare data breach reported in 2024.

This is not an isolated case. Pixel-tracking litigation has generated over $100 million in settlements across the healthcare industry since 2023, including:

| Organization | Settlement Amount |
|---|---|
| Aspen Dental Management | $18.5 million |
| Adena Health System (Ohio) | $17.8 million |
| Henry Ford Health (Michigan) | $12.28+ million |
| Advocate Aurora Health | $12.25 million |
| BJC Healthcare (Missouri) | $9.25 million |
| The Christ Hospital (Ohio) | $7 million |
| Mount Sinai Health System (New York) | $5.26 million |
| MarinHealth (California) | $3 million |
| Inova Health | $3.1 million |
| Mammoth Hospital (California) | $380,000 |

Legal claims in these cases have included negligence, breach of contract, invasion of privacy (specifically “intrusion upon seclusion”), and statutory violations under the California Confidentiality of Medical Information Act (CMIA) and the federal Electronic Communications Privacy Act (ECPA).

The HHS Office for Civil Rights (OCR) reinforced this risk in its December 2022 and March 2024 guidance bulletins, explicitly stating that IP addresses combined with a visit to a health-related webpage may constitute PHI.

If you have a “Schedule a Consultation” page and you are using a standard Facebook (Meta) Pixel or Google Analytics tracker, you might be in trouble.

The Fix: Switch to “Server-Side Tracking” or use HIPAA-compliant analytics tools that anonymize data before it reaches Facebook or Google.

The Rule: If you are a covered entity (which most private practices are), you cannot use standard tracking pixels on pages where health services are researched or booked unless that tracker signs a BAA—which Facebook and Google generally will not do for standard analytics.

Which pages on your website are at risk?

Not every page on your site carries the same level of exposure. The risk is not about whether a pixel exists on your site — it’s about what a visitor is doing on that page. Here’s a plain-language breakdown using a dietitian website as an example:

| Page Type | Standard Pixel Safe? | Risk Level | Why |
|---|---|---|---|
| Home Page | Yes | Low | A general public page that doesn’t tie a visitor to any specific health condition or intent. An IP address collected here doesn’t constitute PHI on its own. |
| General Services Page (e.g., “Nutrition Counseling”) | Generally yes | Low–Medium | Broad, non-specific offerings don’t inherently reveal a health condition. Risk increases if the page includes interactive form fields asking about health goals or symptoms. |
| Condition-Specific Services Page (e.g., “Nutrition Counseling for Type 2 Diabetes” or “Eating Disorder Support”) | No | High | A visitor landing on this page is likely seeking care for that specific condition. Per HHS OCR guidance, an IP address combined with a visit to a condition-specific page can constitute PHI. Because you cannot verify a visitor’s intent, HHS says you must treat it as PHI. |
| Contact Page or Booking Page (with a scheduler link or intake form) | Absolutely not | Critical | OCR guidance is explicit: any page that allows a visitor to initiate scheduling or submit health-related information triggers strict HIPAA requirements. This is the exact page type that triggered the multi-million dollar lawsuits above. |

The short version: the more specific the health topic on a page — and the closer a visitor is to booking an appointment — the higher your liability if a standard pixel is running.

The Compliant Fix: What to Actually Do Instead

“Server-side tracking” and “HIPAA-compliant analytics” can sound like vague tech jargon, so here’s what those options actually mean in practice.

Option 1: Use a Customer Data Platform (CDP) as a Privacy Buffer

A CDP sits between your website and tools like Google Analytics or Meta Ads. It intercepts your visitor data, automatically strips out anything that could identify a person (IP addresses, device IDs, health-related keywords), and then passes the clean, de-identified data along to your marketing tools. Think of it as a privacy filter that lets you keep your analytics without the legal exposure.

The catch: not all CDPs are HIPAA-compliant. The platform must be willing to sign a BAA and have specific data-scrubbing features built in. A few options worth knowing about:

For smaller practices and solo practitioners:

  • Freshpaint — Built specifically for healthcare marketing compliance. It replaces your standard tracking pixels, automatically masks PHI, and passes clean data to Google or Meta. Signs a BAA.
  • Ours Privacy — A newer healthcare-focused platform with integrated cookie consent management. Designed for practices that rely on paid ads (Meta/Google Ads) and want a straightforward setup. Signs a BAA.

For larger group practices or health systems:

  • Tealium (Healthcare tier) — A market leader in data governance with a private cloud architecture specifically audited for HIPAA. Signs a BAA for healthcare clients.
  • Twilio Segment (Healthcare/Life Sciences Enterprise tier) — A popular developer-first CDP with an enterprise healthcare tier that includes encryption, strict access controls, and BAA availability. Note: standard Segment accounts are not compliant.

Option 2: Replace Google Analytics Entirely

If a CDP feels like overkill for your practice size, you can sidestep the whole problem by switching to an analytics platform that is natively privacy-compliant — no buffer layer required.

  • Matomo (Self-Hosted) — A free, open-source Google Analytics alternative. When you self-host it, your data never leaves your own secure server, which means no third-party BAA is needed at all.
  • PostHog (Paid Platform tier) — An all-in-one analytics and session tracking tool that signs a BAA on their paid plans.
  • Independent Analytics (WordPress plugin) — If your practice runs on WordPress, this is one of the cleanest compliant options available. It runs entirely inside your own WordPress installation and never communicates with external servers, which means you are not transmitting data to a third party at all — and therefore no BAA is required. It also never writes a raw IP address to your database. Instead, it uses a one-way hash (combining the IP with the browser’s user agent and a randomized security salt) that creates an anonymous identifier that cannot be reverse-engineered back to a real person. This directly addresses both the HHS IP address concern and the Mosaic Effect in one step.

One important warning: When evaluating any of these tools, always confirm that the BAA covers the specific tier you are purchasing. Some platforms (HubSpot, for example) have added HIPAA-adjacent features for certain products, but their standard marketing tools are explicitly excluded. Get the signed BAA in writing before placing any code on your website.

2. Trusting “Anonymization” Too Much

Inputting session notes into an AI and asking it to “rewrite this without names” is risky. The moment you input the data, the breach has likely already occurred if the platform saves chat history for training.

3. Ignoring the “Draft-Only” Rule

Some practitioners let AI write emails or notes and send them without review. If the AI exhibits bias (a violation of Section 1557 of the ACA) or hallucinates a medication, you are liable. AI should only ever produce a draft.

4. The “Browser Extension” Blindspot

This is the most common violation I see. You might be careful not to paste notes into ChatGPT, but do you have an AI writing assistant (like a grammar checker or “co-pilot”) installed as a Chrome extension? Many of these extensions have permission to “read and change data on all websites.” If you have your EHR (like SimplePractice or TherapyNotes) open in one tab and that extension is active, it may be reading the patient data on your screen to offer “writing suggestions.” Use a separate browser (or an Incognito window without extensions) strictly for clinical work.

5. The “Silence” Trap (Lack of Transparency)

Some practitioners use AI scribes or chatbots but are afraid to tell their clients because they fear pushback. If a client finds out later that a machine was listening to their trauma narrative without their explicit consent, the trust is broken forever. Furthermore, new state laws (like in California and Utah) and updated ethical codes are increasingly mandating disclosure when AI is being used. Update your informed consent forms to include a specific “AI Technology” clause and discuss it verbally during intake.

6. The “Small Fish” Fallacy

“I’m just a solo practitioner; the OCR isn’t looking at me.” Automated enforcement doesn’t care how small you are. Pixel lawsuits often target specific technologies, not just specific companies. If a plaintiff’s attorney runs a script that detects a tracking pixel on 1,000 different therapy websites, you get swept up in the net regardless of your size. Treat your solo practice data with the same rigor as a hospital. Security by obscurity is not a strategy.

What Counts as a HIPAA Violation When Using AI?

It’s not just about “hacking.” Here are three ways AI use crosses the line:

Pasting any client identifier—an email address, symptoms, or session date—into a tool that has not signed a BAA constitutes an unauthorized disclosure of PHI, regardless of whether any harm results.

When an AI system invents or misrepresents clinical information in a record and a practitioner saves that output without review, the integrity of the medical record has been compromised, which is a direct violation of HIPAA’s data accuracy requirements.

Using an AI platform that claims to be private but secretly incorporates your inputs into its foundation model training effectively transfers your client’s protected information to a third party without a BAA, triggering a reportable breach.

What AI Tools Can Healthcare Providers Use Safely?

You don’t have to ban AI from your private practice to be safe. The trick is to treat AI like a “Digital Intern”—one that is incredibly smart but has not signed a confidentiality agreement. You can safely give this intern general tasks, creative projects, and public-facing work. You just never let them see a patient chart.

The table below maps common AI use cases to their risk level, BAA requirement, and what data is actually permissible to use.

| Tool Type | BAA Required | Permitted Data Scope | Core Compliance Risk |
|---|---|---|---|
| Marketing & Content AI (ChatGPT, Claude, Jasper) | No | Generic, public-facing content only — no client names, diagnoses, or session details | Low — risk arises only if PHI is accidentally included in a prompt |
| Operational AI (email drafting, scheduling templates, spreadsheet formulas) | No | Anonymized or fictional scenarios; policy language; general business data | Low — never include client-specific identifiers, even in “draft” mode |
| Clinical Reference AI (psychoeducation, worksheet generation, intervention ideas) | No | General clinical concepts pulled from AI, not client data pushed into AI | Medium — risk increases if a practitioner frames prompts around a specific client |
| AI Scribes & Documentation Tools (Heidi Health, Freed, DeepScribe) | Yes — mandatory | PHI permitted only under a signed BAA with Zero Data Retention (ZDR) clause | High — free or non-BAA tools in this category are an automatic HIPAA violation |
| Website Chatbots (third-party chat widgets) | Yes — mandatory | No health-related intake data unless vendor signs BAA and does not retain conversations | High — standard chatbot vendors rarely sign BAAs; wiretapping liability (CIPA) also applies |
| Tracking & Analytics Pixels (Meta Pixel, Google Analytics) | Yes — mandatory | No use on pages where health services are researched or booked without BAA | Critical — multiple $3M–$47.5M settlements confirm active litigation risk |

Using AI for Marketing & Content Creation

This is the safest place to use tools like ChatGPT, Claude, or Jasper because you are dealing with public information, not private health data.

Brainstorming & Ideation: Stare at a blank screen no more. Try a prompt like:

I am a dietitian focusing on intuitive eating. Give me 10 blog post titles
that address holiday eating anxiety without sounding judgment-y.

SEO & Meta Data: Paste your (generic) blog post into AI and ask:

Write a 160-character meta description for this post that includes
the keyword "anxiety therapy in Chicago."

Social Media Captions: Describe an image you took and ask AI to write an engaging caption:

Write an Instagram caption for a photo of a calm office with a plant.
The caption should focus on the importance of creating a safe space
for clients. Keep it under 150 characters.

The “Frankenstein” Rule: If you want to write a case study, do not upload a real client’s story and ask AI to disguise it. Instead, ask AI to generate a fictional scenario:

Create a persona of a 30-year-old struggling with work-life balance
and burnout. List 3 common coping mechanisms they might try.

This keeps your real clients completely out of the equation.

Using AI for Operational Efficiency

Running a private practice is 50% clinical work and 50% unbilled admin. AI can handle the unbilled part if you keep the data generic.

Polishing Difficult Emails: Need to enforce your cancellation policy without sounding harsh?

Rewrite this email to sound firm but empathetic:
"You missed your appointment again and I have to charge you
the full fee per my policy."

You get a professional script you can copy-paste into your secure email system, adding the client’s name after you leave the AI tool.

Excel & Spreadsheet Formulas:

Write an Excel formula that calculates the percentage of total
inquiries that came from "Psychology Today."

Policy Generation: Need a new “Social Media Policy” for your practice website? Ask AI to draft a robust template in seconds, then review it to ensure it matches your actual boundaries.

Using AI for Clinical Support

You can use AI as a super-powered reference tool, provided you are pulling information out rather than putting client info in.

Psychoeducation Metaphors:

Explain the "Window of Tolerance" using a metaphor that would
make sense to a teenage gamer.
Give me 3 simple analogies to explain how insulin resistance works
to a client who loves gardening.

Worksheet & Resource Creation:

Create a checklist of 5 grounding techniques for panic attacks
that can be done in a public place.
Draft a weekly meal planning template that focuses on adding
nutrients rather than restricting calories.

How to Use an AI Scribe Safely: A Step-by-Step Workflow

Clinical documentation is where AI saves the most time—and creates the most risk if done wrong. Free tools are not an option here. Follow these steps exactly.

Step 1: Confirm your AI scribe vendor has signed a Business Associate Agreement (BAA) before your first session. Do not proceed without this document in place. Acceptable tools include Heidi Health, Freed, and DeepScribe. Free or general-purpose AI tools do not qualify.

Step 2: Verify that your vendor offers Zero Data Retention (ZDR). This means the audio is processed in real time to generate text, then permanently deleted. It never sits on a server where it could be accessed or breached.

Step 3: Obtain explicit client consent before activating the scribe. Update your informed consent forms to include a specific “AI Technology” clause. Discuss it verbally during intake. Do not assume silence equals consent.

Step 4: Activate the HIPAA-compliant scribe app at the start of the session. The AI listens, transcribes, and formats the note into your preferred structure (SOAP, DAP, etc.) in real time.

Step 5: Review every AI-generated note for accuracy before saving. Check specifically for hallucinated symptoms, incorrect medications, or invented diagnoses. You are legally responsible for the content of any record you sign off on.

Step 6: Copy the finalized, reviewed note into your EHR (SimplePractice, Jane, TherapyNotes, etc.).

Step 7: Delete the note from the AI scribe app if it does not auto-delete after export. Confirm deletion has occurred. Do not allow clinical notes to accumulate inside third-party platforms.

How to Use AI Responsibly in Private Practice

If you want to sleep well at night, follow this framework:

The BAA Test: Does the vendor sign a BAA? If no, no PHI touches it.

Zero Training Clause: Ensure your contract explicitly states that your data will not be used to train the vendor’s foundation models.

Human-in-the-Loop (HITL): Never let AI be the final decision-maker. You must review every output.

Transparency: New laws, like those in California, require you to disclose if a chatbot is AI. Be honest with your clients: “This chat is automated.”

FAQ on AI

Can I use ChatGPT to write client notes if I don’t use names?

Generally, no. Unless you are on the Enterprise plan with a signed BAA and have configured Zero Data Retention, standard ChatGPT uses your inputs for training. Even without names, clinical context can be re-identified through the Mosaic Effect.

Is it safe to use AI chatbots on my practice website?

It is risky. If the chatbot vendor records conversations for their own “product improvement,” you could be liable under wiretapping laws (CIPA) or HIPAA. The vendor must sign a BAA and must not retain conversation data.

What AI tools actually support HIPAA compliance?

Look for Enterprise versions of major platforms (Microsoft Azure, AWS) or health-specific SaaS tools designed for practitioners — such as AI scribes like DeepScribe, Heidi Health, or Freed — that openly publish their security protocols and BAA availability.

What happens if I accidentally input PHI into a non-compliant AI tool?

This is a reportable data breach. Depending on the scale and risk of compromise, your breach notification protocols may require you to notify both the affected client and the Office for Civil Rights (OCR).

Do tracking pixels on my website count as a HIPAA violation?

Yes, if you are a covered entity and you use standard tracking pixels (Meta Pixel, Google Analytics) on pages where patients research or book health services, you are likely in violation. Kaiser Permanente settled for $47.5 million over this exact issue. The fix is server-side tracking or HIPAA-compliant analytics tools.

Am I at risk even as a solo practitioner?

Yes. Pixel-tracking lawsuits have targeted individual practice websites at scale using automated detection scripts. The OCR’s enforcement mechanisms and plaintiff attorneys do not distinguish by practice size. Treat your data with the same rigor as a hospital system.

What is a Business Associate Agreement (BAA) and why does it matter?

A BAA is a legally binding contract in which an AI vendor (or any third-party vendor who handles PHI) agrees to protect that data and not use it to train public models. Without a BAA, any PHI you share with that vendor is an unauthorized disclosure — a HIPAA violation — regardless of your intent.

Does removing a client’s name make their data safe to use in AI?

Not reliably. The Mosaic Effect means AI can cross-reference anonymized data with public datasets — such as voter rolls or social media profiles — to re-identify individuals. Simple name-scrubbing is not a compliant de-identification method under HIPAA’s Safe Harbor standard.

Jessica Freeman is a Web Designer and SEO Strategist exclusively for private practice owners. With a background and degree in design, she helps therapists, dietitians, and practitioners stop chasing clients and start attracting them. Jess doesn’t just build “pretty” websites; her websites are designed to rank on Google and fill your client roster. When not auditing websites or geeking out over conversion rates, you can find her drinking Diet Dr Pepper and reading the latest thriller novel on the couch.
