Transcript
Evan Dumas
You’re listening to Group Practice Tech, a podcast by Person Centered Tech, where we help mental health group practice owners ethically and effectively leverage tech to improve their practices. I’m your co-host, Evan Dumas.
Liath Dalton
And I’m Liath Dalton, and we are Person Centered Tech.
Liath Dalton
This episode is brought to you by Therapy Notes. Therapy Notes is a robust online practice management and electronic health record system to support you in growing your thriving practice. Therapy Notes is a complete practice management system with all the functionality you need to manage client records, meet with clients remotely, create rich documentation, schedule appointments and bill insurance all right at your fingertips. To get two free months of Therapy Notes as a new Therapy Notes user go to therapynotes.com and use promo code PCT.
Evan Dumas
Hello and welcome to Episode 611: The Real Risks of Using Non-Vetted AI Platforms With Client Information.
Liath Dalton
Welcome to this conversation and a little scene setting. In our last episode on AI, Episode 608, AI Isn’t the Problem, Lack of Governance Is–A PSA for Group Practice Leadership; we talked about what needs to stop immediately, specifically, the use of non-vetted and practice approved and controlled AI platforms with any client information.
Evan Dumas
Mhm.
Liath Dalton
And how to, in simple actionable terms, issue that prohibition right away. This episode, we’re really answering a different question, which is: why is this actually a problem? The reason we’re having this conversation is because, if the why is not clear, it’s really easy to underestimate the seriousness and from that to delay the next steps that are going to be needed.
Evan Dumas
Yeah.
Liath Dalton
So this is really a bridge, from “make it stop” to what to do if it’s been happening, of the why.
Evan Dumas
Yeah.
Liath Dalton
And that basis should help equip you to navigate both pieces, of stopping things and explaining why you’re stopping it to your team members and then support you in managing it if it has been happening.
Evan Dumas
Yeah.
Liath Dalton
So, this is not about fear. I know some of what we’re talking about is scary, but it’s really just focused on understanding what’s happening so you can lead clearly, effectively, and a big part of that is responding appropriately.
Evan Dumas
Mhm.
Liath Dalton
Which all takes us back to what counts as Protected Health Information, which is what we have identified as where the breakdown is really occurring. So in the last episode, we addressed how that was playing such a, kind of, crucial role in this set of circumstances, but we want to sharpen it, again, because this is where most of the misunderstanding is happening, and this misunderstanding we are increasingly seeing is applicable both to clinicians and to practice leadership. And understandably so, like, no judgment there, because what constitutes PHI is quite expansive, and is all too often minimized and distilled down where it actually loses the accuracy of what it actually is.
Evan Dumas
Yeah.
Liath Dalton
So Evan, we are frequently emphasizing, out of the list of 18 identifiers under HIPAA, the 18th identifier, which really is a catch all, right?
Evan Dumas
Oh, definitely, yeah.
Liath Dalton
Can you refresh folks on what the 18th identifier is and what it includes?
Evan Dumas
Yeah, so it really is a big, wide catch all, just like you said. Because it says any other unique identifying number, characteristic, or code. And so, from our reading of this, and from our consultation with attorneys and such, is that this includes like unique life circumstances, or clinical narratives, or relationship dynamics, or even special codes you create to obfuscate who the client is, but all of these details that, you know, aren’t unique enough to point to a person meet the standard of what PHI is. And this is a really broad and wide concept that I think a lot of people miss when they think about what PHI is.
Liath Dalton
Exactly. And I feel like even just how “characteristic” is sandwiched between “number” and “code” leads folks to sort of skip over the consideration of what a unique characteristic actually is, right?
Evan Dumas
Yeah.
Liath Dalton
And think, okay, well, we shouldn’t make up our own, like, medical record numbers that aren’t the actual medical record numbers for clients, okay, that’s understandably an identifier. But this characteristic piece is so broad. Because, like you said, narrative and context based information really makes someone identifiable, even without names or direct identifiers. So as you’ve heard us say before, if a client would recognize themselves, it’s identifiable.
Liath Dalton
Going further and expanding on this, if you, as the clinician, can recognize who it’s about, that means it’s still identifiable, because it’s still linked to a specific person. De-identified doesn’t mean hard to recognize.
Evan Dumas
No.
Liath Dalton
It means that there is no reasonable – emphasis on reasonable – basis to identify the individual. So again, it doesn’t mean I took the name out. It means there’s no reasonable way to connect that information back to a specific person.
Evan Dumas
Mhm, yeah.
Liath Dalton
So then, in the clinical context, a therapy session progress note or clinical summary is very explicitly tied to a specific individual by definition.
Evan Dumas
Oh, yeah.
Liath Dalton
So what does that mean? That means that the narrative in that context is inherently identifying. And I want to emphasize that this isn’t just a PCT interpretation, or a really like let’s go to the extreme and maximum application of what could be inferred from how Protected Health Information is defined. If you search something as simple as “Is narrative context in a therapy progress note considered PHI under HIPAA without other 18 identifiers present?” even the general AI summaries, pulling from HHS guidance will tell you in no uncertain terms, yes. Because there is a reasonable basis to identify the individual. That means it’s PHI.
Liath Dalton
And I’m actually going to read a couple of the most important and telling points from the response to that Google search that I got, because I think it emphasizes the point really well. Which is “Yes, narrative context in a progress note for mental or behavioral health care is considered Protected Health Information under HIPAA, even if the 18 specific identifiers like name or social security number are not present. Under HIPAA, information is PHI if it is created by a covered entity, e.g., a therapist, and relates to the past, present or future physical or mental health of an individual, and if there is a reasonable basis to believe that information can be used to identify the individual.”
Liath Dalton
And then the last part of the sort of summary of the different reasons why narrative context constitutes PHI is the context of care heading. “A therapy session transcript is by nature, tied to a specific individual. Therefore, narrative content in that context is deemed identifiable.” That’s pretty, pretty clear, right?
Evan Dumas
Yeah, yeah.
Liath Dalton
And again, not just us, but we also need to go a step further, remembering, again, as we’ve said before, that HIPAA is the floor, not the ceiling, and talk about AI re-identification risk. So this is something that information system security experts have been sort of sounding the alarm bells about for a while, which is that even when data is formally de-identified, including according to HIPAA’s Safe Harbor method of de-identification, their research has consistently shown that data can be re-identified through pattern matching, and that seemingly anonymized data can actually be linked back to individuals.
Liath Dalton
Why is AI so good at doing that? Basically because AI systems are designed to recognize patterns, combine data points and infer identity. So having just an inkling of age, age range, or profession, family structure, trauma type, geographic hints, those little data points can be enough for the AI to identify someone.
Evan Dumas
Mhm, yeah, smart.
Liath Dalton
It’s very smart. It’s designed to be able to do that, because that’s part of what makes it useful. Basically, a takeaway from all of this should also be, though, that the more clinically meaningful information is, the more uniquely identifying it tends to be. And why that’s so important is because the most common use application that we are seeing, in the context of therapists utilizing AI, is related to clinical documentation support to help with progress notes, right?
Evan Dumas
Yep.
Liath Dalton
And by definition, that information needs to be clinically meaningful, which is going to mean that it’s going to be uniquely identifying.
Evan Dumas
Yeah.
Liath Dalton
Right? So really, what we’re seeing in these situations is that it absolutely is Protected Health Information. We’re not dealing with edge case de-identification. We are talking about clearly identifiable Protected Health Information.
Evan Dumas
Mhm.
Liath Dalton
Why does that matter? Because that means it is squarely in the scope of HIPAA.
Evan Dumas
Oh, definitely. Yeah.
Liath Dalton
Right? That’s the main linkage. If it’s Protected Health Information, then it is the responsibility of the HIPAA covered entity to safeguard the confidentiality, availability, and integrity of that information. This isn’t even getting into the ethics layers, but just purely in HIPAA terms, if it’s PHI, you’re responsible for safeguarding it, and must employ technical, administrative, and physical safeguards in that process.
Liath Dalton
So again, not a gray area. This is PHI. That means HIPAA applies.
Evan Dumas
Mhm.
Liath Dalton
Which translates to why, at a minimum, AI use involving client information must be limited to platforms that are HIPAA compliance compatible, and where the practice has a HIPAA Business Associate Agreement in place with the AI platform vendor. Without that, you don’t have safeguards, control or the accountability required for you to be able to fulfill your HIPAA obligations.
Liath Dalton
So let’s kind of approach this from another angle as well, and really describe what happens when you enter data into personal AI, because this is what makes it so clear why HIPAA is not able to be applied here, right? That the obligations under HIPAA can’t be fulfilled when you’re using a personal AI platform.
Evan Dumas
Mhm, yeah.
Liath Dalton
So Evan, what happens when you put data into AI?
Evan Dumas
Yeah, well, first it leaves your computer, so it leaves your sort of circle of control. It goes then to a third party, like chatGPT, something like that. Now, you don’t have a BAA, you don’t have any control or governance over it. And then they just sort of do with it what they want to. They might use it to train their large language model as we’re calling AI these days. It might just go to, sort of go into a public record. It might be saved indefinitely to help it better understand you, make choices. And all of this might be done without them telling you what they’re using it for. They might keep it in perpetuity. They might inform government agencies. Who knows? It’s a black box operation, and you have just fed it. You’ve just given it data, and it is happy to be fed.
Liath Dalton
You are feeding the hungry beast.
Evan Dumas
Yes.
Liath Dalton
In other words, with a voracious appetite.
Evan Dumas
Oh, yeah.
Liath Dalton
And so in the process that Evan just described, the sort of mitigation challenge also comes up, because in that context, you can potentially delete a chat, but that doesn’t provide verifiable deletion from the AI’s servers, right? Just your access to it. You don’t have auditability of it to see who has accessed that information, how they use it.
Liath Dalton
So that means your ability to meaningfully mitigate it is basically non existent, right? You do not want that circumstance arising.
Evan Dumas
Yeah, no.
Liath Dalton
And as we’ve said before, we are not seeing that AI itself is inherently problematic, not in this contained application of, or consideration related to, AI use in a clinical context, right? We’re not getting into the sort of more philosophical and existential and safety and regulation pieces around AI as a whole. We’re talking about a really specific use application. And here AI itself isn’t the problem, but a lack of governance is. And Evan, when we talk about governance, what are we meaning?
Evan Dumas
Yeah, so this is a nice broad term to include not just the control you have over something, but also how you train folks on it, the policies and procedures you have around it, the considerations you put into its use, and the sort of role it plays in your practice. So governance is, is all of that.
Liath Dalton
Exactly. It’s a higher level than just control or access. It’s more systemic and comprised of multiple factors, kind of, each of which needs to be present and coalesce here.
Liath Dalton
So for example, you have, in place, governance for your EHR. If you’re also using Google Workspace in your practice’s tech stack, that’s going to be something that is governed. But when it comes to personal AI tools, those can’t be governed.
Evan Dumas
No.
Liath Dalton
They’re missing crucial factors that make governance possible, and they are missing factors that make a system HIPAA compliance compatible.
Evan Dumas
Mhm, yeah.
Liath Dalton
And even though they might be otherwise helpful, that lack of ability to apply governance becomes a really significant and consequential liability.
Evan Dumas
Definitely.
Liath Dalton
Because, and this is the sort of distillation of all of that risk we’ve just talked about, when PHI is entered into a non vetted AI platform, without a HIPAA Business Associate Agreement, that is, under HIPAA, an impermissible disclosure.
Evan Dumas
Yeah.
Liath Dalton
And the next part of this is, is the kind of clincher.
Evan Dumas
Yeah it is.
Liath Dalton
Under HIPAA, impermissible disclosures are presumed to be breaches-
Evan Dumas
Yep.
Liath Dalton
– unless you, and again, the onus is on you, as the HIPAA covered entity, can demonstrate a low probability of compromise.
Evan Dumas
Mhm.
Liath Dalton
Dun, dun, dun. Which takes us to the reality that there is no easy fixing after the fact, and basically that low probability of compromise is really hard to show.
Evan Dumas
Oh yeah, definitely.
Liath Dalton
Let’s talk about why. And again, this is not something that you can just make a quick judgment on. It requires a structured and formal assessment where you have to evaluate the nature of Protected Health Information that was disclosed impermissibly. And now again, narrative equals highly identifying. Who received it? Well, that’s not under your control, and you don’t have the protections of a HIPAA Business Associate Agreement.
Evan Dumas
Oh no.
Liath Dalton
You also have to evaluate whether it was processed by the receiving entity to whom the impermissible disclosure was made. Evan, do AI tools process data?
Evan Dumas
Yeah, every single time you enter it, it’s like thinking about it. It sends it places. It’s adding it to its algorithms. Yeah, actively, actively processes what you’re putting into it.
Liath Dalton
Right. That’s kind of its whole deal, right?
Evan Dumas
Yeah.
Liath Dalton
Now, what about the ability to mitigate? Because that’s the other thing that you have to evaluate in terms of determining whether there’s a low probability of compromise. Like, if an impermissible disclosure has been made, can you remove that information before it can be used? Or remove it before further use, aka compromise without authorization, can occur. And that’s where things are particularly problematic with personal AI use. Because retrieving the information and verifying deletion, the reality is that’s not really possible, not with chatGPT, not with Claude, not with personal level accounts.
Liath Dalton
No.
Liath Dalton
Or without the protections of a HIPAA Business Associate Agreement. So the critical reality is that when it comes to personal AI tool use, it is extraordinarily difficult, if not actually impossible, to demonstrate that a low probability of compromise is in place. So your ability to mitigate risk after the fact is extremely limited.
Liath Dalton
Which means a couple things. One that it needs to be stopped and prevented from continuing to occur, because that is going to then reduce how involved and extensive dealing with what has occurred and the impacts of that occurrence is going to be.
Liath Dalton
And I want to really address something that I imagine is coming up for our listeners right now, and some strong, strong feelings and emotions, because I know this is impactful. I know it sounds scary, and you’re thinking, wow, this is serious. When something feels serious, we can have an instinct to avoid it, right?
Evan Dumas
Yep.
Liath Dalton
And not want to know exactly how serious it is, how it has maybe played out in your practice. Maybe the inclination is to, okay, I’m going to stop it from happening going forward, but don’t want to unpack how it has taken place to date. And it’s really important to sort of frame this through a few different lenses. One is that risk isn’t created by discovering it, right?
Evan Dumas
No, not at all.
Liath Dalton
The risk already exists if it’s happening. In fact, discovering what’s been going on allows you to reduce risk.
Evan Dumas
Mhm. It’s the only way.
Liath Dalton
If you don’t know what’s going on, you can’t address it, and that risk is just going to sort of compound and compound exponentially in this particular context.
Evan Dumas
Yeah. Do you want to discover the risk, or do you want someone else to discover the risk?
Liath Dalton
Right? And this is something that you navigate so frequently, Evan, in performing HIPAA security risk analysis and risk mitigation planning with practices, right? What are some ways that you talk about the value of identifying risks with folks when they’re feeling anxious about it?
Evan Dumas
Yeah, I just really reflect the courage it takes to even look at these risks, to look at these things that, you know, they might have known in the back of their minds that they weren’t doing, in like, a non judgmental way. Because anytime you say, Oh, I’m bad for doing this. I’m judging that I’m doing this, I’m a bad person. You don’t want to fix it. Because you get overwhelmed with the grief of this judgment. It’s like the, you know, the second arrow effect of like, the first one hurts, the second one is the one where you blame yourself for the first one.
Evan Dumas
So, you know, just even looking at a thing that’s already there, that takes a lot of energy. Take a pause after you do that, congratulate yourself for the vulnerability and courage to even look at the risk, and then mitigate it later on. Like, you know, you’re going to have to do a lot of work to not judge yourself for doing things, you know, in a risky way. But being responsible, not really culpable, but sort of admitting, you’re like, Yeah, well, I didn’t know, and I kind of turned a blind eye, and I won’t anymore. You can decide from this point on to not do that, and no judgment for any of these things. I applaud anyone who has the capacity to do a risk analysis, and that’s why I really like doing them with folks.
Liath Dalton
Exactly. And I know something a lot of clinicians will share, not in these exact words, with clients, is a “know better, do better” approach, right?
Evan Dumas
Yeah, yeah.
Liath Dalton
And the same applies here. We’re not faulting you, and you shouldn’t fault yourself for not knowing previously, right?
Evan Dumas
Mhm, yeah.
Liath Dalton
But knowing now is a responsibility, and that does come with requirements for action steps in terms of doing better going forward. And this is actually something that HIPAA takes into account, right?
Evan Dumas
Mhm.
Liath Dalton
There is a very good reason why the standards include breach response and breach notification. Because there is no presumption that there will be no impermissible uses or disclosures of Protected Health Information. That’s a reality, that those will occur at some point, in some way. And so the purpose of the HIPAA Security Rule framework is to help you reasonably, or to identify reasonable threats to the confidentiality, availability, and integrity of Protected Health Information, and then put reasonable and appropriate safeguards in place to mitigate those threats.
Liath Dalton
Reasonable and appropriate cannot encompass any and every possibility. The reality, though, is that AI and the risks it poses, if not governed and brought under the control of the practice and managed through effective safeguards and oversight, that is a reasonably anticipated threat to PHI, right?
Evan Dumas
Yeah.
Liath Dalton
And along with that, that there may have been impermissible disclosures, but that’s why there’s the HIPAA standard for how to respond to those impermissible disclosures within the framework of the HIPAA standards themselves.
Liath Dalton
So that’s going to be what our next AI episode is dedicated to which is precisely, okay, you found out that these impermissible disclosures have been made to personal AI platforms, what do you do now to respond according to the HIPAA standards.
Evan Dumas
Mhm.
Liath Dalton
And it is not as scary as it might sound.
Evan Dumas
No.
Liath Dalton
And that’s also why we’re taking it a chunk at a time, and thought explaining the why, before delving into some of the nitty gritty pieces around actual response, if it has been occurring, would be supportive. So if you haven’t listened to Episode 608 yet and are hearing all of our emphasis in this episode about why it’s so important to prevent non-vetted AI platforms being used with client info, go back to Episode 608, because that has really clear do-it-now guidance on how to, without having, like, comprehensive policies and procedures around AI use, just issue a simple prohibition to your team.
Evan Dumas
Yeah.
Liath Dalton
So if you want to do one thing right now and you haven’t yet done it, please do issue that prohibition to your team and make it clear.
Liath Dalton
And then join us next time, and we’ll talk through how to find out if AI use in non-vetted platforms has occurred, and how to make that process also feel safe for team members and be supportive of a strong overall security culture within your practice, and then what your role as leadership is in responding to what occurred under HIPAA standards.
Liath Dalton
Thanks for joining us, and be gentle with yourselves going forward as well. We’ll talk to you next week.
Evan Dumas
All right. Talk to you next week everybody.
Liath Dalton
This has been Group Practice Tech. You can find us at personcenteredtech.com. For more podcast episodes, you can go to personcenteredtech.com/podcast or click podcast on the menu bar.
Your Hosts:
PCT’s Director Liath Dalton
Senior Consultant Evan Dumas
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.
In our latest episode, we continue our series on AI use within therapy practices by sharing how to explain to your team members why using non-vetted AI platforms is not permissible.
We discuss:
- What counts as Protected Health Information and a breakdown of the often misunderstood 18th identifier under HIPAA
- How therapy progress notes and clinical notes are inherently identifying
- AI re-identification risk and why this is possible
- Why AI use involving client information must be vetted and HIPAA compliance-compatible
- What happens when you input data into personal AI platforms
- What we mean by AI governance, and why personal AI platforms can’t be governed
- Why lack of AI governance is a significant liability
- Impermissible disclosures under HIPAA
- Why proving low probability of compromise is difficult after the fact, and what this means for your ability to mitigate risk
- Managing the emotional pieces of identifying risk and risk mitigation in your practice
Therapy Notes proudly sponsors Group Practice Tech!
TherapyNotes is a behavioral health EMR/EHR that helps you securely manage records, book appointments, write notes, bill, and more. We recommend it for use by mental health professionals. Learn more about TherapyNotes and use code “PCT” to get two months of free software.
*Please note that this offer only applies to brand-new TherapyNotes customers
Resources for Listeners
PCT Resources:
- Live (and recorded) PCT CE Course: Beyond Hype and Anxiety: A Practical Framework for Ethical AI Use in Clinical Practice is a 4-hour legal-ethical CE training co-presented by Dr. Maelisa McCaffrey and Liath Dalton, designed to help clinicians move beyond fear and guesswork into confident, responsible AI use. The course provides a structured, real-world framework for integrating AI into clinical workflows while upholding HIPAA requirements, ethical standards, and clinical standards of care. Participants will learn how to evaluate AI tools, understand what constitutes PHI (and the limits of de-identification), implement appropriate policies and safeguards, and maintain documentation quality and clinical integrity. With practical tools, decision-making frameworks, and implementation strategies, this training supports clinicians in making informed, defensible decisions about AI use in practice.
- Live Webinar Presentation on May 8th, 2026
- Registration for the live training includes ownership of and perpetual access to the on-demand self-study CE training produced from the recording of the live presentation. Get both the content *and* the CE, even if you can’t join live.
- Article + 18 Identifier List: De-Identified or Not? The Truth About HIPAA, AI, and Client Data
- In this article, Person Centered Tech breaks down one of the most misunderstood concepts in HIPAA compliance: de-identification. It clarifies the difference between simply “removing identifiers” and meeting HIPAA’s strict legal standards for de-identification (Safe Harbor or Expert Determination). The piece explains why narrative clinical information is often inherently identifying, why a session transcript cannot realistically be considered de-identified, and how AI systems introduce heightened risks of re-identification. It reinforces a critical takeaway for practice leaders: HIPAA sets the floor—not the ceiling—for protecting client information, and governance must keep pace with emerging technologies.
- PCT CE Course: Law & Ethics of the Clinical Use of Artificial Intelligence: Implications in Clinical Practice
- If you’re wanting a deeper, structured framework for evaluating AI in clinical practice, this 3-credit legal-ethical on-demand training with Eric Ström, JD, PhD, LMHC, walks through the evolving legal standards, HIPAA considerations, and ethics code guidance that apply to AI use in behavioral health. You’ll gain practical strategies for assessing new technologies, understanding emerging standards of care, and implementing AI tools in a way that is legally defensible and ethically sound.
- Podcast: Episode 608: AI Isn’t the Problem, Lack of Governance Is – A PSA for Group Practice Leadership
- HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices — care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.
- Group Practice Care Premium
- weekly (live & recorded) direct support & consultation service, Group Practice Office Hours — including monthly session with therapist attorney Eric Ström, JD PhD LMHC
- Device Security Suite: assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost)
- Remote Workspace Security Suite: assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more