We do not share your details. No sales sequence. Just the briefing.
Your people are not doing anything malicious. They are trying to work faster. But every time a team member pastes client care notes into ChatGPT, every time a case manager uploads a rehabilitation plan to a free browser tool, that data has left a secure environment. Without a DPIA. Without lawful basis. Without your knowledge.
Only 11% have received any formal AI training. Inside a case management organisation, that means AI is touching sensitive client health data, care plans and rehabilitation records without governance, without DPIA screening and without your knowledge.
Brain injury, complex needs, vulnerable adults. The data your team handles every day sits in the highest protection tier under data protection law. The ICO requires a DPIA before any AI system processes it. Most organisations have not done one.
If your AI use influences care decisions or service eligibility assessments for your clients, it is likely to fall within the EU AI Act Annex III high risk classification. That means obligations beyond Article 4 literacy training. And fines up to €35 million sitting alongside your existing ICO exposure.
If an AI output influences a care decision, the accountability stays with the registered practitioner. The tool does not absorb it. HCPC fitness to practise obligations apply regardless of which AI system generated the recommendation.
Safe care and treatment standards now extend to digital and AI tools used in clinical and care planning workflows. An inspection that finds ungoverned AI use in a CQC regulated practice is not a hypothetical risk. It is an emerging reality.
This is not a generic AI overview. It was written for case management organisations specifically — for the work your team does daily, the data you handle and the obligations you carry as registered professionals. No jargon. No vendor marketing.
What shadow AI is, why it is almost certainly happening inside your organisation right now, and why a policy that says staff may use ChatGPT creates exactly the gap that puts your clients at risk.
Each body has different expectations. All of them have the same answer. One properly built governance framework satisfies all four. But it takes time to build and some of these obligations are already live.
Care notes, rehabilitation plans, correspondence with solicitors and insurers. A clear picture of where your client data goes when a team member uses a consumer AI tool and what that means under UK GDPR Article 32.
The registered practitioner. Always. AI outputs that influence care decisions without proper human oversight create direct HCPC fitness to practise risk. This section explains where that line sits and how to stay the right side of it.
Not a fifty page handbook. Five questions your leadership must be able to answer right now. The decisions that belong to your practice leads, not your IT provider.
Every primary risk area — shadow AI, client confidentiality breach, care planning documentation, solicitor correspondence, HCPC accountability, CQC inspection readiness — rated by likelihood, severity and which regulation it sits under.
These pressures are converging on every case management organisation at the same time. One properly built governance framework satisfies all four — but it takes time to build, and some of these obligations are already live.
BABICM standards require that practice remains evidence-based, client-centred and professionally accountable. When AI outputs influence assessment, goal-setting or care planning, those outputs become part of the professional record. The accountability does not transfer to the tool. It stays with the case manager who used it.
Professional accountability — non-negotiableHCPC registrants carry personal accountability for clinical decisions. If an AI system generates a care recommendation and that recommendation is acted upon without adequate human review, the registrant has not discharged their professional duty. The Standards of Conduct, Performance and Ethics do not create an exception for AI-assisted decisions.
Direct fitness to practise riskCQC’s Key Question on safe care and treatment now extends to digital and AI tools used in clinical and care planning contexts. An inspection that surfaces ungoverned AI use — tools in use without a policy, without a DPIA, without staff training — creates direct safe care findings. The inspection framework has caught up with the technology faster than most organisations have.
Safe care findings at inspectionHealth and care data is the highest protection tier under UK GDPR. Any AI system processing it requires a Data Protection Impact Assessment before use. Most consumer AI tools have no DPA in place with your organisation. Every time a team member uses them on client data, you are processing special category data without a lawful basis. The ICO fine is yours.
Up to £17.5M — ICO higher tier enforcementSafer Haven AI was founded by Darren Sharples. Twenty-five years of C-suite leadership across UK businesses. A registered BACP member currently completing a Level 4 Diploma in Therapeutic Counselling.
The organisations that struggle most with AI are not struggling because of the technology. They are struggling because of how their people feel about it.
In case management, that human dimension is not a side note. Your team works with some of the most vulnerable people in the country. Fear and uncertainty about AI in that environment is not irrational. It is appropriate. We work with that first. Then we build the governance, the training and the protocols around it.
We spent time embedded inside a case management organisation before building our approach for this sector. The briefing reflects that.
We do not arrive with a framework built for someone else. We start by understanding exactly where you are — including what nobody has officially sanctioned.
Before any training or governance work begins, we map where your organisation actually stands. Which tools are in use, by whom, for what. Where client data is at risk. Where your current policies do not cover AI use. A clear picture of your exposure mapped to your BABICM, HCPC and ICO obligations — not a generic report written for any sector.
We work with your leadership and registered practitioners to build governance that is proportionate, practical and defensible. Approved tool lists, data handling rules for special category health data, human review requirements for AI outputs influencing care decisions. Built around how your organisation actually works, then trained into your team properly.
We check in at 48 hours and return at 40 days to assess what is working, what has slipped and what needs reinforcing. For organisations that want continued support as regulation evolves, we offer a capped retainer that keeps you ahead of what is coming.
The briefing is free. It takes under twenty minutes to read. And it will give your leadership and registered practitioners a clearer picture of AI risk in case management than most organisations have invested months trying to build.
We do not share your details. We do not add you to a sales sequence. You will receive the briefing and nothing else unless you ask for more.