*Don'ts:*
Avoid entering Protected Health Information (PHI) into unauthorized AI tools like ChatGPT without a Business Associate Agreement (BAA), as this violates HIPAA.1
*Do:*
Develop clear AI use policies defining approved tools, prohibiting consumer AI for patient data, and outlining approval processes with consequences for violations.12
*Do:*
Establish multidisciplinary AI governance councils including clinical, IT, cybersecurity, ethics, and legal experts to evaluate tools and enable secure innovation.23
*Do:*
Implement Data Loss Prevention (DLP) controls to block patient data from public AI platforms and run education campaigns on appropriate AI use.3
*Don't:*
React by completely blocking AI access, as this frustrates clinicians and leads to workarounds; instead, provide approved alternatives like ambient AI scribes.13
*Do:*
Communicate AI policies clearly, measure ROI, and budget for enterprise AI solutions to reduce documentation time and improve clinician satisfaction, achieving up to 89% reduction in shadow AI use.1
*Context:*
Surveys show 57% of healthcare professionals use shadow AI, with patient trust concerns at 93%; average breach costs exceed $7.4 million.4
Sources:
1. https://www.soapnoteai.com/soap-note-guides-and-example/shadow-ai-healthcare-2026/
2. https://healthtechmagazine.net/article/2026/03/how-address-shadow-ai-healthcare
3. https://www.zscaler.com/blogs/product-insights/shadow-ai-trust-how-healthcare-can-secure-future-artificial-intelligence
4. https://healthjournalism.org/blog/2026/02/shadow-ai-on-the-rise-in-health-care-as-patients-report-less-trust-surveys-say/