Dental AI guide
Can I Paste This Into AI?
A red, amber, green guide for dental staff before they use public AI tools.
A single patient name in a ChatGPT prompt can become a privacy breach — and staff often don't realise they've crossed the line until it's too late. This guide gives every team member a simple red, amber, green rule they can apply in seconds, so the practice stays safe without slowing anyone down.
No patient data required. Use these guides for practice workflow education, not patient-specific advice.
If it identifies a patient or describes their care, do not paste it into public AI.
This guide is not legal advice. It is a practical staff safety guide for public AI tools. When unsure, do not paste the information. Ask the practice owner or manager.
Two privacy laws apply in NSW. As well as the Commonwealth Privacy Act 1988 and its Australian Privacy Principles (APPs), dental practices in NSW are also bound by the NSW Health Records and Information Privacy Act 2002 (HRIP Act) and its Health Privacy Principles (HPPs). Read the considerations here against both. General information, not legal advice.
What is public AI?
Public AI includes:
- ChatGPT (free or paid personal account)
- Gemini (free or paid personal account)
- Claude (public web version)
- Canva AI
- Social media AI tools
- Word or email AI features not approved by the practice
- Browser AI assistants and writing tools
- Any tool not approved by the practice for patient data
It also leaves the country
Pasting patient information into a public AI tool does not just expose it on a screen — it likely sends it overseas.
Public AI tools such as ChatGPT, Gemini and Claude are processed on servers outside Australia. When a practice pastes identifiable patient information into one of these tools, that may constitute a cross-border disclosure of personal information under APP 8 of the Privacy Act. APP 8 requires an APP entity to take reasonable steps before disclosing personal information to an overseas recipient, and the Australian practice can generally remain accountable for what the overseas recipient does with that information.
This is a separate consideration on top of the "don't expose patient data" message — not a replacement for it.
Practice manager note: Whether a specific act of pasting is characterised as a disclosure (APP 8) or a use (APP 6) of personal information is a nuanced legal question. What is clear is that pasting identifiable patient information into a public AI tool is a possible cross-border disclosure and a review trigger for the practice, not a safe default. Ahpra's AI case studies note that generative AI tools such as ChatGPT may store data outside Australia, and that patient data entered into offshore AI tools could lead to unintentional privacy breaches. The OAIC recommends not entering personal or sensitive information into publicly available generative AI tools.
This guide is not legal advice. If a practice is unsure about its obligations, seek qualified privacy or legal advice.
Also in the full guide
- Green: Usually OK
- Amber: Check first
- Red: Do not paste
- Staff decision guide
- Safer alternatives
- Practice policy insert
Optional — get a customised version
Request the version adapted for your practice
The guide above is free to read and download. If you would like a version tailored to your practice workflow, leave your details below. Use practice-level details only. Do not include patient names, treatment details, clinical notes, X-rays, invoices or identifiable emails.