University of Illinois System
Our CompassLocationsImpactPriorities & Initiatives

Using Public AI Tools

Public AI tools—such as consumer chatbots, free AI assistants, and publicly accessible generative AI services—have significant data privacy limitations. Information you enter may be stored, used for model training, or accessible to the vendor.

The following guidance applies to these public tools:

  • You May input: Publicly available information, general questions, non-sensitive drafts
  • You must Never input: Student records (FERPA/GDPR), patient information (HIPAA), Social Security numbers, financial account data, research data with PII, proprietary/confidential information, export-controlled data

IMPORTANT: This should be considered a minimum systemwide baseline. This list is not exhaustive. When in doubt, don't input it—consult your university security office or the Digital Risk Office.

Data Flow Illustration

Using University-Approved Private AI Tools

Some AI tools have been vetted and approved by your university for use with certain types of non-public data. These tools have been reviewed by the university and have appropriate contracts, security controls, and data protection in place. If your university has approved a specific AI tool for certain data types, that tool may be used for data that would otherwise be prohibited in public AI tools.

Before using any AI tool with non-public data, verify: (1) the tool is on your university-approved list, (2) the specific data types are permitted, and (3) you understand any usage restrictions.

To learn more or for additional support, please refer to the resources from your university below.

University-Specific AI Tools

Domain Guidance

Teaching & Learning

  • Communicate Expectations Clearly: Include AI use policies in syllabi
  • Teach AI Literacy: Help students and faculty understand AI capabilities and limitations
  • Rethink Assessment Design: Focus on process and critical thinking
  • Use AI Detection Tools Cautiously: They produce false positives
  • Model Appropriate Use: Demonstrate professional AI use in your field

Research

  • Follow Funder Requirements: Adhere to sponsor policies on AI use
  • Secure Data & Infrastructure: Coordinate with IT, especially for sensitive data
  • Document AI Use: Maintain records for reproducibility and traceability
  • Verify AI Output: AI can fabricate citations and misrepresent findings
  • Disclose AI Use in Publications: Follow journal and professional authorship policies

Healthcare

  • Use Only Approved Clinical AI Tools: Must be HIPAA-compliant and clinically reviewed
  • Maintain Clinical Judgment: AI assists but does not replace decision-making
  • Never Enter PHI into Non-Approved Tools: Violates HIPAA and university policy
  • Document AI-Assisted Decisions: Note when AI contributed to clinical work
  • Report Concerns: Alert clinical informatics of concerning outputs

Operations & Administration

  • Vet AI Tools Before Procurement: Work with IT security, privacy, and procurement
  • Understand AI in Existing Tools: Many platforms now embed AI features
  • Start with Low-Risk Use Cases: Draft communications, summarize documents
  • Protect University Data: Use non-public data in tools approved for that classification of data
  • Consult Functional Area Experts: Laws can prevent the use of AI in operations and administration.