Claude Cowork for healthcare clinics: secure administrative work under PHIPA




Trusted by Toronto law firms, Hamilton manufacturers, Vancouver clinics, GTA accounting firms, Ontario non-profits, and British Columbia professional services.

Clinic managers want to know whether Claude Cowork can take administrative work off their plate without putting patient information at risk under PHIPA. According to Statistics Canada, 12.2% of Canadian businesses now use AI, double the rate a year earlier, so clinic staff are already reaching for these tools. The duty to protect personal health information stays with the clinic.

Mike Pearlstein, CISSP, MSc AI, founder of Fusion Computing, which has secured IT for Canadian healthcare clinics across Toronto, Hamilton, and Metro Vancouver since 2012.

Key takeaways


  • A clinic can use Claude Cowork for administrative work on a Team or Enterprise plan with scoped access and a written policy.
  • Keep personal health information out of the tool, de-identify it first, or run a documented PHIPA assessment. Prompts reach Anthropic.
  • Scope it to an admin folder, never the EMR or clinical drive.
  • Cowork stores its work locally, so it sits outside your audit logs. PHIPA records of use and disclosure need a record you build yourself.

Can healthcare clinics use Claude Cowork under PHIPA?

Yes, a clinic can use Claude Cowork for administrative work on a Team or Enterprise plan, with access scoped to a folder that holds no patient identifiers and a written policy. Personal health information is a separate question. Because the prompts reach Anthropic, PHI leaves the clinic’s direct custody, so it should stay out of the tool, be de-identified first, or go through a documented PHIPA assessment with the right consent.

The duty to protect health information is the clinic’s, and no vendor setting removes it. What a clinic controls is the scope: which files the agent opens, which plan governs the data, and whether any patient information is involved at all.

It’s the same secure-adoption logic from the pillar guide on using Claude Cowork securely in your business, applied to a PHIPA custodian, and it sits alongside our broader IT for healthcare clinics work. The parallel guides cover law firms and accounting firms under their own regulators.

What Claude Cowork safely does for a clinic

Claude Cowork is strongest at clinic administration, not clinical records. The safe jobs use no patient identifiers: drafting administrative letters and forms, writing scheduling and reminder messages from a de-identified list, maintaining policy and procedure documents, preparing non-PHI billing references, and building intake-form templates. Each output is a draft for a human to review before it goes anywhere near a patient.

Here’s how those administrative jobs map to the work, with the guardrail that keeps each one inside PHIPA. Fusion Computing walks clinics through this before any pilot, the same way we scope any AI services engagement.


| Task | What Cowork does | The guardrail |
|---|---|---|
| Administrative letters and forms | Drafts referral cover letters, recall notices, and templates | No patient identifiers in the source folder |
| Scheduling and reminders | Drafts reminder and rebooking messages | De-identified or admin data only |
| Policy and procedure documents | Writes and updates clinic policies and SOPs | Internal documents, no patient data |
| Billing and claim prep | Organizes non-PHI billing references and code lists | Patient identifiers stay out of the folder |
| Intake-form templates | Builds and refines intake and consent templates | Templates only, never completed forms |

The PHIPA and PHI guardrails

The core guardrail is keeping personal health information out of the tool by default. PHI is information about an identifiable patient, and because Cowork sends prompts to Anthropic, putting PHI in moves it outside the clinic’s direct custody. Scope the agent to an administrative folder, de-identify anything that must be processed, and run a documented PHIPA assessment before any PHI use. Keep the EMR off limits.

The mistake we flag most often is scope. When a clinic points the agent at an EMR export or a clinical drive, every task touches PHI. Scope it to an administrative folder with no identifiers and the PHIPA exposure drops to near zero. That’s the single change that helps most, and you don’t need anything fancier to start.
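One way to make the scope check concrete is to pre-scan the candidate administrative folder for identifier shapes before the agent is ever pointed at it. The script below is an added example for this article, not Fusion Computing's tooling and not part of Cowork; the regular expressions (a ten-digit health card number with an optional two-letter version code, a labelled date of birth, a chart or MRN number) are constructed illustrations that a clinic would tune, and the report masks every digit so the scan output itself holds no identifier. A file the scanner cannot read is reported as skipped, not treated as clean.

```python
"""Pre-scan a folder for likely patient identifiers before scoping an AI agent to it.

Added example, not Fusion Computing's or Anthropic's code. The patterns are
constructed illustrations of common identifier shapes, not a complete PHI detector.
"""
from __future__ import annotations

import re
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

# Constructed patterns (assumptions for this example): an Ontario health card number
# is ten digits, often written 1234-567-890, with an optional two-letter version code.
PATTERNS = {
    "health_card": re.compile(r"\b\d{4}[- ]?\d{3}[- ]?\d{3}(?:[- ]?[A-Z]{2})?\b"),
    "date_of_birth": re.compile(
        r"\b(?:DOB|date of birth|birth ?date)\b[^\n]{0,20}?\d{1,4}[/-]\d{1,2}[/-]\d{1,4}", re.I
    ),
    "chart_number": re.compile(r"\b(?:MRN|chart ?(?:no|number|#))\s*[:#]?\s*\d{4,}", re.I),
}

# Only plain-text formats are scanned; a .docx or .pdf needs text extraction first and
# is reported as skipped so it is never mistaken for a cleared file.
TEXT_SUFFIXES = {".txt", ".md", ".csv", ".json", ".html"}


@dataclass(frozen=True)
class Finding:
    source: str
    line: int
    kind: str
    masked: str  # the match with every digit replaced, so the report holds no identifier


@dataclass
class ScanReport:
    findings: list[Finding] = field(default_factory=list)
    skipped: list[str] = field(default_factory=list)


def mask(value: str) -> str:
    return re.sub(r"\d", "#", value)


def scan_text(text: str, source: str = "<text>") -> list[Finding]:
    """Return one Finding per pattern hit, line by line."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append(Finding(source, line_no, kind, mask(match.group(0))))
    return findings


def scan_folder(root: Path) -> ScanReport:
    """Walk the folder; scan text files, list everything else as skipped."""
    report = ScanReport()
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = str(path.relative_to(root))
        if path.suffix.lower() not in TEXT_SUFFIXES:
            report.skipped.append(rel)
            continue
        try:
            text = path.read_text(encoding="utf-8", errors="replace")
        except OSError:
            report.skipped.append(rel)
            continue
        report.findings.extend(scan_text(text, rel))
    return report


def safe_to_scope(report: ScanReport) -> bool:
    """Clean only when nothing was flagged and nothing was left unscanned."""
    return not report.findings and not report.skipped


if __name__ == "__main__":
    # Constructed demo folder: one clean template, one file that should block scoping.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "recall-template.txt").write_text("Dear {patient_name}, your recall is due.")
        (root / "stray-export.csv").write_text("Chart no 48213, DOB: 1984-03-12, HCN 1234-567-890-AB")
        (root / "scan.pdf").write_bytes(b"%PDF-1.4 constructed placeholder")
        report = scan_folder(root)
        for f in report.findings:
            print(f"{f.source}:{f.line} {f.kind} -> {f.masked}")
        print("skipped:", report.skipped)
        print("safe to scope:", safe_to_scope(report))
```

Run it against a copy of the folder you intend to scope; anything flagged goes back to the de-identification step, and anything skipped gets opened by a person before the folder is approved.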

Field note. In the clinic pilots I’ve run, the first thing I do is draw a hard line around the EMR. I’ve seen staff want to summarize charts on day one. We start with letters, policies, and scheduling instead, prove the workflow, and only revisit PHI after a privacy officer has signed off on an assessment.

The policy is the other half. A short rule set, the kind we cover in our guide on what belongs in an AI acceptable use policy, names the approved tool, states that PHI stays out unless assessed, and says who may run it. Fusion Computing pairs that with a cybersecurity review so the clinic has a defensible position.

The oversight gap for PHIPA records and audits

Claude Cowork stores its conversation history locally on each user’s computer, and that activity is not captured by audit logs, the Compliance API, or data exports. For a clinic this matters: PHIPA expects a custodian to account for how health information is used and disclosed. Team and Enterprise owners can stream Cowork events to a SIEM through OpenTelemetry, which Anthropic notes does not replace audit logging for compliance.

According to Anthropic’s guidance on using Cowork on Team and Enterprise plans, the local history “is not subject to Anthropic’s standard data retention policies and cannot be centrally managed or exported by admins.” The Enterprise audit logs that do exist capture metadata, not the content of the work.

That gap is a strong reason to keep PHI out of Cowork. For the administrative work that stays in scope, Fusion Computing wires the OpenTelemetry stream into the same monitoring we run for managed detection and response, so the clinic sees tool calls and file access. If health information is ever in play, the clinic keeps its own record on purpose.
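Keeping "its own record on purpose" can start from the telemetry stream the clinic already receives. The script below is an added example, not Anthropic's or Fusion Computing's code: it reads a constructed JSON-lines export (the fields timestamp, user, event and path are assumptions, not Anthropic's OpenTelemetry schema, so map the real export onto them), builds a clinic-side record of use, and flags any file access that falls outside the approved administrative folder. Windows and macOS paths are normalized so one allow-list serves both.

```python
"""Build a clinic-side record of use from agent telemetry events.

Added example, not Anthropic's or Fusion Computing's code. The event shape
(timestamp, user, event, path) is constructed for this illustration.
"""
from __future__ import annotations

import csv
import io
import json
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample export (raw string so the JSON backslashes survive).
SAMPLE_EVENTS = r"""
{"timestamp": "2026-04-14T09:02:11Z", "user": "admin1@clinic.example", "event": "file_read", "path": "C:\\Clinic\\Admin\\recall-template.txt"}
{"timestamp": "2026-04-14T09:02:40Z", "user": "admin1@clinic.example", "event": "tool_call", "tool": "draft_letter"}
{"timestamp": "2026-04-14T09:05:03Z", "user": "admin1@clinic.example", "event": "file_read", "path": "C:/Clinic/EMR/export.csv"}
{"timestamp": "2026-04-14T09:07:19Z", "user": "admin2@clinic.example", "event": "file_write", "path": "C:/Clinic/Admin/policies/privacy-sop.md"}
"""


@dataclass(frozen=True)
class UseRecord:
    timestamp: str
    user: str
    event: str
    path: str
    in_scope: bool


def _normalize(path: str) -> str:
    # PureWindowsPath accepts both separator styles, so one normalizer covers
    # Mac and Windows exports; comparison is case-insensitive with forward slashes.
    return PureWindowsPath(path).as_posix().lower().rstrip("/")


def _inside(path: str, root: str) -> bool:
    p, r = _normalize(path), _normalize(root)
    return p == r or p.startswith(r + "/")  # the "/" stops "Admin-old" matching "Admin"


def parse_events(jsonl: str) -> list[dict]:
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]


def build_record(events: list[dict], allowed_root: str) -> list[UseRecord]:
    """One record per event; an event with no file path is in scope by definition."""
    records = []
    for ev in events:
        path = ev.get("path", "")
        in_scope = (not path) or _inside(path, allowed_root)
        records.append(UseRecord(ev["timestamp"], ev["user"], ev["event"], path, in_scope))
    return records


def out_of_scope(records: list[UseRecord]) -> list[UseRecord]:
    """Accesses outside the approved folder, for the privacy officer to review."""
    return [r for r in records if not r.in_scope]


def render_csv(records: list[UseRecord]) -> str:
    """The record of use as CSV text, ready to file with the clinic's PHIPA records."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["timestamp", "user", "event", "path", "in_scope"])
    for r in records:
        writer.writerow([r.timestamp, r.user, r.event, r.path, r.in_scope])
    return buf.getvalue()


if __name__ == "__main__":
    recs = build_record(parse_events(SAMPLE_EVENTS), "C:/Clinic/Admin")
    print(render_csv(recs))
    for r in out_of_scope(recs):
        print(f"OUT OF SCOPE: {r.user} {r.event} {r.path} at {r.timestamp}")
```

The out-of-scope list is the alert that matters: one hit means the agent reached past the administrative folder, and that is the moment to stop the pilot and check whether any health information was involved.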

Plan tier and a setup checklist for a clinic

The plan tier is the first decision: only Team and Enterprise carry the “not trained on by default” commitment plus the admin controls a clinic needs. From there, a safe rollout is short: scope to an administrative folder, keep “ask before acting” on, put a PHI rule in the policy, turn on OpenTelemetry monitoring, keep a privacy officer signing off, and run a PHIPA assessment before any patient information goes near the tool.

Cowork runs on Pro, Max, Team, and Enterprise plans per Anthropic’s release notes, and on the business tiers your content is not used to train models by default, as Anthropic’s privacy commitments set out. Here’s the checklist Fusion Computing runs with a clinic.


  1. Choose Team or Enterprise. A staff member running clinic work on a personal account is the first risk to fix.
  2. Scope to an administrative folder. Never the EMR or clinical drive.
  3. Default to “ask before acting.” Cowork always asks before deleting files; keep approvals on.
  4. Put a PHI rule in the policy. PHI stays out unless de-identified or assessed.
  5. Turn on OpenTelemetry monitoring. It’s the only visibility you have into what the agent did.
  6. Keep a privacy officer signing off. Nothing patient-facing ships without review.
  7. Run a PHIPA assessment first. Complete it before any patient information goes near the tool.

None of it is exotic, and most of it takes an afternoon. Fusion Computing sets it up as part of the managed IT work we already do for clinics, and the same pattern carries to wealth management firms under their own regulators. If you want a second set of eyes before your clinic pilots Cowork, talk to us or read more about how we work.

Claude Cowork is worth adopting for the administrative load that fills a clinic’s day. The clinics that set the plan, the scope, and the PHI rule first are the ones that’ll use it calmly while their competitors are still arguing about whether it’s allowed.

Fusion Computing helps Canadian businesses across Toronto and the GTA, Hamilton, and Metro Vancouver with managed IT, cybersecurity, and Microsoft 365.

Frequently Asked Questions

Can a clinic put patient information into Claude Cowork?

Treat that as a decision, never a default. Personal health information sent to Cowork reaches Anthropic, so it leaves the clinic’s direct custody. A clinic should keep PHI out of the tool, de-identify data before processing, or complete a documented PHIPA assessment with appropriate consent first. Administrative work with no patient identifiers is the safe starting point.

Is Claude Cowork PHIPA-compliant?

PHIPA compliance depends on how a clinic uses a tool, never on the tool alone. Cowork can be used in a PHIPA-aligned way for administrative tasks with no patient identifiers, on a business plan, with a policy and a privacy officer involved. Using it with personal health information requires a documented assessment before you start.

What can a clinic safely use Claude Cowork for?

The safe uses involve no patient identifiers: drafting administrative letters and forms, writing scheduling and reminder messages from a de-identified list, maintaining clinic policies and procedures, preparing non-PHI billing references, and refining intake-form templates. Start there, prove the workflow, and keep clinical records and the EMR out of scope until a privacy officer has assessed any PHI use.

What plan does a clinic need for Claude Cowork?

A clinic should use the Team or Enterprise plan, never a personal Pro or Max account. Only the business tiers carry Anthropic’s commitment not to train on your content by default, plus the owner and admin controls a clinic needs. A staff member running clinic work on a personal account is the first risk to remediate.


Is patient data used to train the model?

On Team and Enterprise plans, your content is not used to train Anthropic’s models by default. The bigger point for a clinic is custody. Even without training, PHI sent to the tool reaches Anthropic, so the safe default is to keep patient information out unless a PHIPA assessment says otherwise.

How is Claude Cowork different from health-specific AI?

Health-specific AI tools are built into clinical systems and scoped to clinical use. Claude Cowork is a general desktop agent that works across your own files and apps, which makes it a strong fit for clinic administration and a poor fit for raw clinical records. The practical differences are where the data lives and how broadly the agent can reach.

Does Claude Cowork work on Windows or only Mac?

Claude Cowork works on both macOS and Windows through the Claude desktop app, and it reached general availability on both on April 9, 2026. It is not available on the web or on mobile. Some capabilities, such as computer use, arrived first as research previews, so confirm the current feature list for your platform inside the app.

Who at the clinic should run Claude Cowork?

Start with administrative staff and a privacy officer, never the whole clinic and never clinical users handling charts. Cowork is an organization-wide setting that owners can switch on or off, and granular per-user controls are limited, so a deliberate pilot with named users beats a broad rollout. Pair it with training and a written PHI rule first.


Fusion Computing has provided managed IT, cybersecurity, and AI consulting to Canadian businesses since 2012. Led by a CISSP-certified team, Fusion supports organizations with 10 to 150 employees from Toronto, Hamilton, and Metro Vancouver.

93% of issues resolved on the first call. Named one of Canada’s 50 Best Managed IT Companies two years running.

100 King Street West, Suite 5700
Toronto, ON M5X 1C7
(416) 566-2845
1 888 541 1611