Privacy and Artificial Intelligence (AI) Assistance Technology

Privacy and Artificial Intelligence (AI) Assistance Technology

Overview

This document provides clear guidance on the responsible use of artificial intelligence (AI) tools, with a focus on protecting client privacy and complying with data security protocols. AI tools offer many benefits, but safeguarding client privacy is non-negotiable. Be vigilant, stay informed, and always prioritize secure handling of confidential information.

⚠️ Use Caution with AI Tools

Although AI technology (i.e. ChatGPT, Google Gemini, Microsoft Copilot, or any other content generators) can streamline and enhance many work tasks, it must be used with great care—especially when dealing with sensitive or client-identifiable information

      • Do not use AI-powered writing tools to prepare case notes or any communication involving client identified information.  This includes client names, case details, or any protected client data 

      • Do not use AI meeting assistants that automatically record, transcribe, or summarize any meetings where client information is discussed. 

There are several critical reasons for not using AI technology when client identifiable information is involved.

🔐 Privacy and Confidentiality Risks

      • Automatic recordings and transcriptions can capture sensitive, personally identifiable information such as client histories, personal identifiers, health details, or legal matters.
      • Entering or recording this information via AI tools may expose it to third parties, even if unintentionally.
      • Many AI tools store data on external servers, often outside your jurisdiction, which increases exposure to unauthorized access or data breaches.

⚖️ Regulatory Non-Compliance

      • Use of AI meeting assistants may violate laws such as:

        • HIPAA (Health Insurance Portability and Accountability Act)
        • 42 CFR Part 2 (for substance abuse treatment)
        • FERPA or other local data protection laws 

      • These tools may lack the required safeguards, data processing agreements, or encryption standards to comply with legal mandates.

🕵️‍♀️ Loss of Control Over Sensitive Data

  1. AI vendors may store, analyze, or use meeting content for training their models or improving their services.
  2. Even anonymized, residual data can still pose a risk of re-identification.
  3. Organizations can lose direct oversight of where the data goes, who it is shared with, and how long it is retained.

⚠️ Informed Consent Issues

      • Participants (especially clients) may not be aware their conversations are being recorded and processed by AI.
      • Failing to obtain explicit, informed consent undermines ethical standards and may erode trust in your organization.

🧾 Risk of Inaccurate or Misleading Notes

      • AI-generated summaries can:

        • Miss important context
        • Misinterpret tone or intent
        • Create incomplete or legally risky documentation

      • This is especially dangerous if the case notes are used for decisions, audits, or court proceedings.

🧾 Unapproved and Unvetted Tools

    • Many AI meeting tools are not approved by IT or compliance departments
    • They may lack security certifications, data handling controls, or contractual obligations required for handling confidential information.

    • Related Articles

    • Data Privacy & Confidentiality

      Introduction The Homeless Action Network of Detroit (HAND) is committed to managing its client records to comply with HMIS data privacy and confidentiality rules. These rules establish how Client PPI/PHI will be managed outside of the Homeless ...

    • Detroit CoC Income and Non-Cash Benefits

      Income sources and non-cash benefits are recorded to determine whether house holds are accessing all income sources and mainstream program benefits for which they are eligible at the time of project start. Collection this information throughout the ...

    • Working with Households

      When working with households, there are several factors to keep in mind: Selecting the correct household – When working with a client record, you will find many clients who appear to belong to multiple households. While there may be several factors ...

    • Date of Birth DQ Errors

      If your CoC APR shows clients with DOB data issues, be sure to check that: · The date of birth is recorded for the client · The Date of Birth Data Entry type is recorded as “Full DOB Reported (HUD)” Please refer to the attached job aid for assistance

    • Finding and Fixing Data Quality Errors on the CoC APR and CAPER

      This document is an instructional guide to run and review the Continuum of Care (CoC) Annual Performance Report (APR) and Emergency Solution Grant (ESG) Consolidated Annual Performance and Evaluation Report (CAPER) to correct missing and null data ...