Safe AI · Professional Practices

Your staff is already using AI. The question is whether your client data is going with it.

I help law, accounting, medical, dental, and financial practices put AI to work with clearer rules, safer workflows, and better decisions about sensitive data. We start with a written policy and one practical workflow your team can actually use. Plain language, no fear, no hype.

Start a conversation See how it works

If you run a practice, you've probably thought one of these

"I'm fairly sure someone here is pasting client information into ChatGPT — and we have no policy saying they shouldn't."

"We want to use AI for intake and drafting, but I'm frozen by HIPAA — or the bar, or the regs we answer to."

"Every vendor pitches me 'AI.' Nobody can tell me whether it belongs near the kind of data we hold."

That last one is the gap I work in. Plenty of people will sell you AI. Very few can help you decide, in plain terms, whether a given tool belongs near regulated client data — and then document a safer way to use it. That's the whole job.

The engagement

A Safe-AI starter, built for how your practice actually works.

Not a strategy deck. Two concrete things you keep: a written AI-use policy that fits your situation, and one safer, documented workflow, such as intake, document drafting, scheduling, or internal search, set up around the data your team actually handles.

You walk away with — 01

A written AI-use policy

Plain-language rules for what your team can and cannot put into which tools, written around the data you actually hold and the obligations you actually answer to, whether that involves HIPAA, professional duties, financial regulations, vendor agreements, or internal policy.

You walk away with — 02

One safer, documented workflow

A single high-value use, usually the one eating the most time, reviewed and set up with the right tool, clearer boundaries, and documentation your team can follow. Not a pilot nobody touches. Something practical enough to use after the engagement ends.

Why this is different

I come at AI from the security and systems side first

Most of my career has involved the unglamorous work of keeping digital systems useful, maintained, and safer: HIPAA-aware content systems, Cloudflare hardening, secure intake workflows, vendor data questions, bot traffic, and the maintenance work most "AI transformation" pitches skip.

The AI is rarely the hardest part. The harder question is whether a tool belongs anywhere near the kind of data your practice holds, and what guardrails need to exist before your team uses it.

Honest fit

Who this is for — and who it isn't.

A good fit

  • Small and mid-size practices — law, CPA/accounting, medical, dental, financial advisory
  • Owners who want to adopt AI without ignoring data obligations
  • Teams already using AI informally who need clearer rules before sensitive data ends up in the wrong tool
  • Practices that value a straight answer over a sales pitch

Not a fit

  • Anyone wanting to move fast and sort out the data risk later
  • Looking for the cheapest possible tool, data obligations aside
  • Large enterprises with an internal IT and security function already doing this
  • "AI transformation" for its own sake, with no specific problem to solve

Boundaries

What this is not

This is not legal advice, a formal compliance audit, or a replacement for counsel, IT, or a security firm. It is practical AI and workflow guidance designed to help your team make safer, better-documented decisions before sensitive information ends up in tools that were never reviewed.

What it looks like

Three steps, no theater.

01

Assessment

A written picture of your current AI exposure, what your team is already doing, where the real risks are, and where it may be reasonable to move next. A practical starting point for reducing risk and documenting decisions.

02

Policy & one workflow

A plain-language AI-use policy plus one safer, documented workflow set up around your team, your tools, and the kind of data you handle.

03

Hand-off, or stay on

For practices that want a trusted person to help review new tools, update internal guidance, and keep workflows aligned as AI products and rules change. Entirely optional.

Engagement

How engagements are structured.

Most practices start with the assessment — a paid diagnostic that's worth having on its own, and tells us both whether the rest makes sense. Work is packaged by outcome, not billed by the hour.

Start here

Assessment

A written picture of your current AI exposure, what your team is already doing, where the real risks are, and where it may be reasonable to move next. A practical starting point for reducing risk and documenting decisions.

Then

Policy + workflow

A plain-language AI-use policy plus one safer, documented workflow set up around your team, your tools, and the kind of data you handle.

Optional

Ongoing

For practices that want a trusted person to help review new tools, update internal guidance, and keep workflows aligned as AI products and rules change. Entirely optional.

Start the conversation

Want to use AI with clearer rules around the data?

Send a note about your practice and what you're trying to do. If it's a fit, the first step is a short conversation — no pitch, just whether this makes sense for you.

Start a conversation