Do not paste an identifiable client narrative into ChatGPT, Claude, or Gemini to draft a progress note or treatment summary. Doing so discloses confidential client information to a vendor you do not control, which can breach both HIPAA and the NASW Code of Ethics, no matter how clean the summary comes back. The problem is not the quality of the AI. The problem is who else now holds the story.
You know the moment. It is 6 p.m., you have eleven open cases, and the note for the intake you finished two hours ago is still a wall of shorthand. A summarizer that turns five bullet points into a clean paragraph looks like a gift. But the second you type the client's name, diagnosis, address, or a detail specific enough to identify them, you have handed protected information to a company whose data practices you did not vet and cannot audit.
The breach is the disclosure, not the summary
The confidentiality violation happens at the moment you send the text, before the model writes a single word back. Under the NASW Code of Ethics, Standard 1.07 (Privacy and Confidentiality) governs how social workers handle client information. Sharing an identifiable client narrative with an outside vendor is a disclosure of confidential information, and disclosures require a clear basis such as client consent or a legal exception.
Here is what most guides won't tell you: NASW does not ban artificial intelligence. There is no rule that says a social worker cannot use a language model. The ethical line is not the tool; it is the destination of the data. An approved tool that keeps information inside a controlled boundary can be defensible. A free consumer chatbot that ingests whatever you paste, with terms you never negotiated, generally is not.
Reframe the risk: the question is never "is the AI's writing good?" It is "who besides me can now read this client's story, and did the client agree to that?"
What the 2017 NASW updates actually require
The 2017 revisions to the NASW Code of Ethics added technology-specific duties that map directly onto AI use. Standard 1.07(m) advises taking reasonable steps to protect the confidentiality of electronic communications, using safeguards such as encryption, firewalls, and passwords. Standard 1.07(n) advises developing and disclosing policies for notifying clients of a confidentiality breach in a timely manner.
Read those two together and a standard emerges. If you route client detail through a service with no encryption you can point to and no breach-notification path, you have skipped the safeguards the Code names. And if that service later suffers a data incident, 1.07(n) expects you to already have a plan for telling affected clients. A consumer chatbot gives you neither a safeguard you can document nor a breach-notification channel you can invoke.
The 2017 NASW Standards for Technology in Social Work Practice go further. The core professional duties, including informed consent and confidentiality, apply the same in person as through technology. Technology does not lower the bar. It adds surfaces where the bar can be missed.
When the notes contain PHI, HIPAA adds a hard rule
If your notes contain protected health information, HIPAA layers a specific requirement on top of the ethics code. Any third-party vendor that handles PHI on your behalf must sign a Business Associate Agreement, the BAA required under 45 CFR 164.504(e). Consumer AI free tiers do not offer a BAA. That is the plain reason a free chatbot is off-limits for identifiable clinical detail: without a signed BAA, the vendor has no lawful footing to process the PHI, and you have no contractual protection if it mishandles it.
A BAA is not paperwork theater. It binds the vendor to safeguard the PHI, to limit how it uses the data, and to report breaches back to you. Strip that away and you are trusting a public terms-of-service page. For a clinical social worker, that is not a defensible position if a client, a supervisor, or a licensing board ever asks where the note went.
What actually happens to text you paste into a consumer chatbot
Once client detail leaves your screen, you lose the ability to answer basic questions about it. Where is the text stored, and for how long? Who inside the vendor can read it? Is it used to improve the model? Can you have it deleted on request, and can you prove the deletion happened? For an agency-approved tool with a BAA, those answers are written down and enforceable. For a free consumer product, the honest answer to most of them is that you do not know.
That uncertainty is the whole problem. Standard 1.07(m) asks for safeguards you can point to, such as encryption, firewalls, and passwords. You cannot point to a safeguard you cannot see. And if the vendor later has a data incident, Standard 1.07(n) expects a breach-notification path, which a free chatbot does not give you. The gap is not hypothetical. It is the difference between a disclosure you can defend and one you cannot explain.
De-identification helps, but it is harder than it looks. Removing a name is not enough when the surrounding narrative is specific: a rare diagnosis, an exact address, a distinctive family situation, or a combination of small facts can point back to one person. Treat identifiability as a spectrum, not a checkbox, and assume that detailed narratives about real clients are identifiable even after the obvious labels come off.
Quick test before you paste: could a stranger reading this text identify the client? If yes, it does not belong in any tool that lacks a signed BAA and your agency's approval.
The safe workflow: approved tools, BAA, consent, minimization
You can use AI to work faster without violating confidentiality. The safe path applies the NASW standards above rather than working around them. Four moves carry most of the weight.
1. Use only agency-approved tools
Your agency, not you, decides which AI services are cleared for client data. An approved enterprise tool typically comes with a signed BAA, documented encryption, and an incident-response path, which is exactly what 1.07(m) and 1.07(n) call for. If a tool is not on the approved list, treat it as public and keep client detail out of it.
2. Get informed consent for AI use
Informed consent applies the same through technology as in person. If AI will touch a client's information in a way the client would not reasonably expect, tell them and get agreement. Consent is not a signature you file and forget. It is the client understanding what happens to their story.
3. Minimize identifying detail
Even inside an approved tool, share the least identifying information the task needs. Strip names, addresses, dates of birth, and any detail specific enough to point back to one person. If you can draft a note structure or phrase a clinical concept using de-identified inputs, do that, then fill in the specifics yourself in the record system.
4. Keep the record inside the covered system
The official note belongs in the electronic health record or case-management system your agency runs under its own safeguards and BAA. AI can help you think and phrase. It should not become the place your client's information lives.
- Draft with structure, not identity: ask the tool for a note template or a way to phrase a clinical observation, then add the specifics yourself inside the record system.
- Keep a written note of which AI tools you use and how, so you can answer a supervisor or board without reconstructing it from memory.
- When in doubt, ask your agency's privacy officer before pasting, not after; the disclosure cannot be undone once it happens.
- Treat screenshots, transcripts, and voice notes the same as typed text; an audio clip of a session is as identifiable as a written narrative.
None of this slows you down once it becomes habit. The reflex you are building is small: before any client detail leaves your control, pause on two questions. Is this tool approved and covered, and did the client agree to this use? If either answer is no, the text stays with you.
Consumer AI vs approved AI vs staying in the EHR
The differences come down to three questions: is a BAA in place, does the tool meet the NASW 1.07 safeguards, and do you still need client consent. Consent does not disappear just because the tool is covered.
| Question | Consumer AI (free tier) | Agency-approved AI (with BAA) | Inside a BAA-covered EHR |
|---|---|---|---|
| BAA in place? | No. Free tiers do not offer one. | Yes, signed with the vendor. | Yes, already covered by the system. |
| Meets NASW 1.07 safeguards? | No documented encryption or breach path you can invoke. | Yes, encryption and incident response are part of the agreement. | Yes, that is what the system is built for. |
| Client consent still needed? | Not a lawful home for the data in the first place. | Yes, if AI use goes beyond what the client would expect. | Yes, per your standard consent and disclosure practices. |
Notice the third row: even the safest column still requires consent. A BAA covers the vendor relationship. It does not stand in for the client's agreement about how their information is used.
Keep your planning context out of the model's training path
Most of the value you want from AI is not writing the official note. It is having your own working context ready: your caseload themes, the frameworks you lean on, the phrasing you reuse across similar situations. That planning layer does not need to sit inside a consumer model, and it should not.
MemX is an external memory layer you control that persists context across ChatGPT, Claude, and Gemini. For a social worker, that means your reusable planning material can live in a space you own, private by architecture through per-user isolation, encryption at rest, and on-device options, instead of being pasted into a consumer model where you cannot see what happens next. It keeps your working context portable across tools while keeping identifiable client detail out of a consumer model's path. MemX is not a HIPAA-compliance product and is not a substitute for your agency's approved, BAA-covered systems for the client record itself. Use it for the thinking scaffold, not the confidential file.
Frequently asked questions
01 Can social workers use ChatGPT for case notes?
Not with identifiable client information. Pasting a client narrative into a free consumer AI discloses confidential data to a vendor with no BAA and no documented safeguards, which can breach HIPAA and NASW Standard 1.07. De-identified, general help is a different question, but the client record belongs in an approved system.
02 Does NASW ban artificial intelligence?
No. The NASW Code of Ethics does not prohibit AI. Its confidentiality duties under Standard 1.07 govern where client information can go. An agency-approved tool with proper safeguards can be defensible; a free consumer chatbot handling identifiable client detail generally is not.
03 What is a BAA and why does it matter for AI?
A Business Associate Agreement, required under 45 CFR 164.504(e), is a contract binding a vendor that handles protected health information to safeguard it and report breaches. Consumer AI free tiers do not offer a BAA, so they are not a lawful home for identifiable PHI.
04 Do I still need client consent if the AI tool is approved?
Yes. A BAA covers the vendor relationship, not the client's agreement. If AI touches a client's information in a way they would not reasonably expect, informed consent still applies, the same through technology as it does in person.
05 How can I use AI safely as a case manager?
Use only agency-approved tools, obtain informed consent when AI touches client information, and minimize identifying detail by stripping names and specifics. Keep the official record inside your BAA-covered EHR or case-management system, and use AI for phrasing and planning, not storage.
The instinct to save time on documentation is not the problem. The fix is simple to state and worth repeating: keep identifiable client detail inside tools your agency approved, get consent when AI touches a client's story, share the least information the task needs, and let the record live in a system built to protect it. The good summary was never the risk. The disclosure was.
