PHI-Safe Prompting: How Dental Office Managers Can Use AI Without Violating HIPAA
- Kyle Summerford
- Mar 22

You’ve heard the advice: use AI tools to save time, write better, work faster. And you want to. But every time you sit down to try ChatGPT or Claude or any other AI assistant, there’s a voice in the back of your head asking — is this HIPAA compliant? Am I putting patient data at risk? Could this get me or my doctor in trouble?
Those are the right questions to be asking. And the answer isn’t to avoid AI altogether — it’s to learn how to use it the right way. That’s what PHI-safe prompting is: a practical method for getting the full value of AI tools in your dental practice without ever putting protected health information at risk.
This is one of the core frameworks inside the DOMA AI Certification — and we’re sharing the foundation of it here because every dental office manager needs to understand this before they type a single word into an AI tool.
What is PHI and why does it matter in AI conversations?
Protected Health Information — PHI — is any information that can be used to identify a patient and is connected to their health, treatment, or payment history. Under HIPAA, dental practices are required to protect this information at all times, including how and where it’s stored, transmitted, or discussed.
PHI includes: patient names, dates of birth, Social Security numbers, addresses, phone numbers, email addresses, insurance ID numbers, account numbers, appointment dates tied to a named patient, clinical notes, treatment details, and X-ray or image data linked to a patient.
General AI tools like ChatGPT, Claude, and Gemini are NOT covered entities under HIPAA and do not sign Business Associate Agreements in their standard consumer versions. This means if you type patient information into these tools, you may be transmitting PHI to an unprotected third-party system — which is a HIPAA violation regardless of your intent.
The golden rule of PHI-safe prompting
Never input any information into a general AI tool that could identify a specific patient. That’s it. That’s the rule. Everything else flows from that.
The good news is that you don’t need patient-specific information to get enormous value from AI tools. The tasks where AI saves dental office managers the most time — writing, templates, scripts, SOPs, training materials, policy documents, communication frameworks — don’t require a single piece of patient data to complete.
What you CAN safely use AI for in your dental office
Here’s where general AI tools deliver real value for dental office managers without touching PHI. Use AI freely for all of the following:
Writing and communication templates. Patient welcome letters, appointment reminder scripts, no-show follow-up messages, treatment plan communication frameworks, recall outreach templates, and insurance explanation letters can all be drafted with AI — using fictional or generic patient language — and then personalized with real patient details in your practice management software afterward.
HR and team management. Job descriptions, interview questions, onboarding checklists, performance review frameworks, disciplinary documentation templates, team meeting agendas, and staff policy updates are all fair game for AI assistance.
SOPs and systems documentation. Write your front desk SOP, your end-of-day checklist, your morning huddle format, your new patient workflow, and your insurance verification process with AI. These are practice-level documents with no patient-specific data.
Financial analysis and reporting frameworks. You can describe a scenario — ‘our AR over 90 days is 18% of total receivables, what are the most common causes and how should I prioritize follow-up?’ — without naming a single patient. AI can analyze the situation and give you an action plan based on the numbers alone.
Difficult conversations and coaching scripts. Use AI to help you prepare for a hard conversation with a team member, a salary negotiation with your doctor, or a patient complaint situation — using general descriptions of the scenario, not names or identifying details.
PHI-safe prompting in practice: before and after examples
Here’s what the difference looks like in real prompting situations:
UNSAFE: ‘John Smith, DOB 4/12/1978, has a balance of $847 from his crown procedure on 2/15. He hasn’t responded to two calls. Write me a collection letter.’ This prompt contains a patient name, date of birth, procedure detail, and appointment date — all PHI.
PHI-SAFE: ‘Write a professional but firm patient balance follow-up letter for a patient who has an outstanding balance over $800 from a recent restorative procedure and has not responded to two previous phone attempts.’ Same result. Zero PHI.
UNSAFE: ‘Mary Johnson is a new patient who came in yesterday. She has Aetna PPO and her coverage maxed out. She needs two crowns and a root canal but said she can’t afford it. Help me follow up with her.’ Multiple PHI identifiers in a single prompt.
PHI-SAFE: ‘Write a follow-up script for a new patient who received a comprehensive treatment plan on their first visit, has PPO insurance with a maxed-out annual benefit, and expressed concern about the cost of treatment including two crowns and a root canal.’ Same situation, zero patient identity.
The three-step PHI check before every AI prompt
Before you hit send on any AI prompt, run through this three-step check. It takes five seconds and protects you every time.
Step 1 — Name check: Does my prompt include any patient name, nickname, or initials that could identify them? If yes, remove it and replace with ‘a patient’ or a generic descriptor.
Step 2 — Data check: Does my prompt include any dates, ID numbers, dollar amounts, insurance details, or clinical specifics tied to a real patient? If yes, either remove them or replace with approximate ranges or generic descriptions.
Step 3 — Combination check: Even if no single piece of information identifies the patient, could the combination of details — age, procedure, insurance, date, location — narrow it down to one person? If there’s any doubt, strip more details until you’re describing a scenario, not a person.
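The three-step check can also run as an automated pre-send screen. The Python sketch below is an added example, not part of the original article or the DOMA framework. It assumes regex heuristics, a constructed carrier and procedure word list, and a two-category threshold for the combination step, so a clean result means no pattern matched, not that the prompt is de-identified.

```python
import re

# Step 1 (name check): two adjacent capitalized words, a crude stand-in for a name.
NAME = re.compile(r"\b[A-Z][a-z]+ [A-Z][a-z]+\b")
# Step 2 (data check): direct identifiers and exact patient-specific values.
DATA = {
    "date": re.compile(r"\b\d{1,2}/\d{1,2}(?:/\d{2,4})?\b"),
    "dob_label": re.compile(r"\b(?:DOB|date of birth)\b", re.I),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"),
    # "$847" is flagged; "over $800" counts as an approximate range.
    "exact_amount": re.compile(r"(?<!over )(?<!under )(?<!about )\$\d[\d,]*"),
}
# Step 3 (combination check): details that are harmless alone but narrowing together.
# The carrier and procedure word lists are constructed samples, not a complete set.
QUASI = {
    "relative_date": re.compile(r"\b(?:yesterday|today|last week)\b", re.I),
    "carrier": re.compile(r"\b(?:Aetna|Cigna|MetLife|Delta Dental)\b"),
    "procedure": re.compile(r"\b(?:crowns?|root canal|extraction|implant)\b", re.I),
}

def phi_check(prompt):
    """Run the three checks; each key maps to the findings for that step."""
    quasi = sorted(k for k, rx in QUASI.items() if rx.search(prompt))
    return {
        "name": NAME.findall(prompt),
        "data": sorted(k for k, rx in DATA.items() if rx.search(prompt)),
        # Assumed threshold: two or more quasi-identifier categories trip the check.
        "combination": quasi if len(quasi) >= 2 else [],
    }

def is_clean(prompt):
    # True only when none of the three steps produced a finding.
    return not any(phi_check(prompt).values())

# The article's own before/after prompts.
UNSAFE_1 = ("John Smith, DOB 4/12/1978, has a balance of $847 from his crown procedure "
            "on 2/15. He hasn't responded to two calls. Write me a collection letter.")
SAFE_1 = ("Write a professional but firm patient balance follow-up letter for a patient "
          "who has an outstanding balance over $800 from a recent restorative procedure "
          "and has not responded to two previous phone attempts.")
UNSAFE_2 = ("Mary Johnson is a new patient who came in yesterday. She has Aetna PPO and "
            "her coverage maxed out. She needs two crowns and a root canal but said she "
            "can't afford it. Help me follow up with her.")

if __name__ == "__main__":
    for p in (UNSAFE_1, SAFE_1, UNSAFE_2):
        print("clean" if is_clean(p) else "BLOCK", phi_check(p))
```

Removing only the name from the second unsafe prompt still fails the combination step, because the visit timing, carrier, and procedures together remain.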
What about HIPAA-compliant AI tools?
There are AI tools designed specifically for healthcare that do sign Business Associate Agreements and are built with HIPAA compliance in mind. These tools are appropriate for tasks that do require patient-specific data — like AI-assisted clinical documentation, automated insurance verification, or AI-powered patient communication platforms integrated directly with your PMS.
The key distinction is this: dental-specific, HIPAA-compliant AI tools are built to handle PHI within a protected environment. General AI tools are not. Know which category your tool falls into before you decide what to put in it.
Building a PHI-safe AI culture on your team
As the office manager, you set the standard for how AI is used in your practice. That means it’s not enough for you to understand PHI-safe prompting — your entire front desk team needs to understand it too. Before you roll out any AI tool to your team, build a short training session around these three things: what PHI is, what tools are and aren’t approved for use, and how to rewrite any prompt to remove patient identifiers.
Create a one-page PHI-safe prompting reference guide and post it at every workstation where team members might use AI. Simple, visible reminders prevent the kind of casual mistakes that happen when someone is trying to move fast.
The bottom line
AI is not off-limits for dental office managers. Not even close. The managers who are going to lead their practices into the next decade are the ones learning how to use these tools responsibly, confidently, and effectively right now. PHI-safe prompting is the foundation that makes all of that possible.
If you want to go deeper, the DOMA AI Certification covers PHI-safe prompting in full, along with every other framework you need to become the AI leader in your practice. The founding cohort is open now. This is your moment to get ahead of the curve before AI certification becomes the standard expectation for every dental office manager in the country.
