Patient privacy and AI: what you can and can't put into ChatGPT

A powerful tool demands responsibility

AI tools are extremely useful, but they work by processing whatever you give them. And in dentistry that often means — patients' personal data. Before you drop a finding or a message into ChatGPT, it's worth pausing to think.

Note: this text is educational, not legal advice. For applying the rules to your specific case, consult a lawyer.

Rule number one

Don't enter data that can identify a patient into public AI tools. That's the simplest and most important rule. Public tools may use the data you enter for further training or store it on servers outside your control.

What counts as "personal data" in the practice

More than you might first think:

Full name, national ID, address, phone, email
Date of birth combined with other data
Health status, diagnoses, treatments — an especially sensitive category
Photos and scans where the patient can be recognized

Under data protection law, health data is a "special category" and enjoys heightened protection.

How to use AI safely

Anonymize — remove the name, contact, and all identifiers before pasting text. "Patient, 45, periodontitis" is fine; the name is not.
Use generic examples — for treatment plans and letters, describe the case in general terms.
Choose tools with better protection — enterprise versions often let you opt out of training on your data; some tools process data locally.
Check the settings — in ChatGPT you can turn off using your chat history for training.

The legal side, briefly

Consent — processing health data requires a clear legal basis.
Processors — if an AI tool processes data on your behalf, it's a "processor" and the relationship is governed by a contract.
Data transfers — many AI servers are abroad; transfers outside the EU have additional rules.
The regulator — data protection is overseen by your national data protection authority.

A quick checklist

Allowed:

Anonymous, generalized case descriptions
Writing templates, letters, and educational texts without personal data
Summarizing professional texts and research

Not allowed:

A name, national ID, contact, or recognizable scan in a public tool
A patient's entire medical history "for AI to give an opinion"
Sharing access to accounts holding patient data without control

Conclusion

AI and privacy aren't opposites — they just take a little discipline. If you make anonymizing patient data a habit, you can freely use the full power of these tools, with no risk to the trust your patients have placed in you.

Want more practical, responsible guides to AI in dentistry? Subscribe to the newsletter — I share what I've tried and learned.

A powerful tool demands responsibility

Note: this text is educational, not legal advice. For applying the rules to your specific case, consult a lawyer.

What counts as "personal data" in the practice

More than you might first think:

Full name, national ID, address, phone, email

Date of birth combined with other data

Health status, diagnoses, treatments — an especially sensitive category

Photos and scans where the patient can be recognized

Under data protection law, health data is a "special category" and enjoys heightened protection.

How to use AI safely

Anonymize — remove the name, contact, and all identifiers before pasting text. "Patient, 45, periodontitis" is fine; the name is not.

Use generic examples — for treatment plans and letters, describe the case in general terms.

Choose tools with better protection — enterprise versions often let you opt out of training on your data; some tools process data locally.

Check the settings — in ChatGPT you can turn off using your chat history for training.

The legal side, briefly

Consent — processing health data requires a clear legal basis.

Processors — if an AI tool processes data on your behalf, it's a "processor" and the relationship is governed by a contract.

Data transfers — many AI servers are abroad; transfers outside the EU have additional rules.

The regulator — data protection is overseen by your national data protection authority.

A quick checklist

Allowed:

Anonymous, generalized case descriptions

Writing templates, letters, and educational texts without personal data

Summarizing professional texts and research

Not allowed:

A name, national ID, contact, or recognizable scan in a public tool

A patient's entire medical history "for AI to give an opinion"

Sharing access to accounts holding patient data without control

Conclusion

Want more practical, responsible guides to AI in dentistry? Subscribe to the newsletter — I share what I've tried and learned.

Patient privacy and AI: what you can and can't put into ChatGPT

A powerful tool demands responsibility

Rule number one

What counts as "personal data" in the practice

How to use AI safely

The legal side, briefly

A quick checklist

Conclusion

Stay in the loop

Related articles

Will AI replace dentists?

Artificial intelligence in dentistry: the complete 2026 guide.

How AI is changing diagnostics in dentistry

Patient privacy and AI: what you can and can't put into ChatGPT

A powerful tool demands responsibility

Rule number one

What counts as "personal data" in the practice

How to use AI safely

The legal side, briefly

A quick checklist

Conclusion

Stay in the loop

Related articles

Will AI replace dentists?

Artificial intelligence in dentistry: the complete 2026 guide.

How AI is changing diagnostics in dentistry