Privacy and Artificial Intelligence (AI) Assistance Technology

Overview

This document provides clear guidance on the responsible use of artificial intelligence (AI) tools, with a focus on protecting client privacy and complying with data security protocols. AI tools offer many benefits, but safeguarding client privacy is non-negotiable. Be vigilant, stay informed, and always prioritize secure handling of confidential information.

⚠️ Use Caution with AI Tools

Although AI technology (i.e. ChatGPT, Google Gemini, Microsoft Copilot, or any other content generators) can streamline and enhance many work tasks, it must be used with great care—especially when dealing with sensitive or client-identifiable information. 

• Do not use AI-powered writing tools to prepare case notes or any communication involving client identified information.  This includes client names, case details, or any protected client data 

• Do not use AI meeting assistants that automatically record, transcribe, or summarize any meetings where client information is discussed. 
  

There are several critical reasons for not using AI technology when client identifiable information is involved.

🔐 Privacy and Confidentiality Risks

• Automatic recordings and transcriptions can capture sensitive, personally identifiable information such as client histories, personal identifiers, health details, or legal matters.
  
• Entering or recording this information via AI tools may expose it to third parties, even if unintentionally.
  
• Many AI tools store data on external servers, often outside your jurisdiction, which increases exposure to unauthorized access or data breaches.
  

⚖️ Regulatory Non-Compliance

• Use of AI meeting assistants may violate laws such as:
  

  • HIPAA (Health Insurance Portability and Accountability Act)
    
  • 42 CFR Part 2 (for substance abuse treatment)
    
  • FERPA or other local data protection laws 
• These tools may lack the required safeguards, data processing agreements, or encryption standards to comply with legal mandates.
  

🕵️‍♀️ Loss of Control Over Sensitive Data

1. AI vendors may store, analyze, or use meeting content for training their models or improving their services.
   
2. Even anonymized, residual data can still pose a risk of re-identification.
   
3. Organizations can lose direct oversight of where the data goes, who it is shared with, and how long it is retained.
   

⚠️ Informed Consent Issues

• Participants (especially clients) may not be aware their conversations are being recorded and processed by AI.
  
• Failing to obtain explicit, informed consent undermines ethical standards and may erode trust in your organization.
  

🧾 Risk of Inaccurate or Misleading Notes

• AI-generated summaries can:

  • Miss important context
  • Misinterpret tone or intent
  • Create incomplete or legally risky documentation
• This is especially dangerous if the case notes are used for decisions, audits, or court proceedings.
  

🧾 Unapproved and Unvetted Tools

• Many AI meeting tools are not approved by IT or compliance departments. 
  
• They may lack security certifications, data handling controls, or contractual obligations required for handling confidential information.
  

• Related Articles

• Data Privacy & Confidentiality

  Introduction The Homeless Action Network of Detroit (HAND) is committed to managing its client records to comply with HMIS data privacy and confidentiality rules. These rules establish how Client PPI/PHI will be managed outside of the Homeless ...

• Date of Birth DQ Errors

  If your CoC APR shows clients with DOB data issues, be sure to check that: · The date of birth is recorded for the client · The Date of Birth Data Entry type is recorded as “Full DOB Reported (HUD)” Please refer to the attached job aid for assistance

• HUD VERIFICATION: DATA ENTRY, ERRORS, & BEST PRACTICES

  HUD Verification must be completed for all project entries during data entry. This means a response of yes or no has been entered for each sub-assessment source. To review common errors and best practices associated with HUD Verification please view ...

• HMIS Process Guide for YHDP PSH Providers

  This process guide outlines the HMIS data entry requirements for YHDP-funded Permanent Supportive Housing Projects. It contains detailed step-by-step instructions for creating and maintaining client records in Community Services (Michigan’s HMIS ...

• HMIS Overview for YHDP Joint TH-RRH Projects

  The PPT provides an overview of the project set-up and data collection requirements for Detroit’s YHDP Joint TH-RRH Component Project. Content information included; What is the Joint TH-RRH Component Project? Detroit’s YHDP Joint Component Projects ...