As AI becomes increasingly embedded in day‑to‑day life and legal practice, it is essential to consider the risks associated with uploading data into AI tools. This is particularly pertinent where the data is confidential, sensitive, or privileged.
With this in mind, we consider a recent case that demonstrates the significant consequences that can flow from the use of public AI tools in relation to healthcare claims.
In UK v Secretary of State for the Home Department (AI hallucinations; supervision; Hamid) [2026] UKUT 81 (IAC), the Upper Tribunal held that:
“Uploading confidential documents into an open-source AI tool, such as ChatGPT, is to place this information on the internet in the public domain, and thus to breach client confidentiality and waive legal privilege, and any such conduct might itself warrant referral to the regulatory body and should, in any event, be referred to the Information Commissioner’s Office”.
In essence, the Tribunal confirmed that uploading documents into a public or open‑source AI tool renders those documents public.
Once legal proceedings commence, parties are required to disclose relevant documents to all other parties for inspection. However, they have the right or duty to withhold inspection of documents that are privileged.
The two main categories of privilege are:
These are communications between a lawyer and their client produced for the purpose of seeking and receiving legal advice.
These are communications created for the purpose of obtaining information or advice in connection with existing or contemplated adversarial litigation.
In the Healthcare & Sports team, our clients rely on our legal advice regarding breach of duty, causation, quantum, settlement and litigation strategy. This falls under ‘legal advice privilege’ and so should not be available to the opposing side in litigation. Similarly, expert opinions fall within litigation privilege and are not disclosable to the opposing party.
Making any such documents publicly available by uploading them into a public AI tool may lead to forced disclosure of previously protected legal advice, exposing the client’s strategy discussions and ultimately weakening their position in litigation or during settlement negotiations.
Importantly, it does not matter who uploads the document; an expert who uploads even a draft report into a public AI tool may be exposed to serious consequences around the integrity and conduct of the case.
Likewise, a lawyer who uploads draft advice for review, checking or summarising may, in doing so, render that draft correspondence publicly available and therefore waive its position as to its legal advice privilege.
Although the case touches on privilege, the Tribunal’s decision sets out that uploading documents into a public AI makes them publicly available.
This is particularly relevant to healthcare practitioners where there is a real likelihood of medical records being uploaded for the purpose of obtaining a summary. In doing so, this not only breaches patient confidentiality but may also prejudice the defence in any future claim.
Although such records may ultimately be available for inspection, disclosure under the Civil Procedure Rules is a controlled process. Uploading such documents into public AI tools removes a party’s ability to control the timing, scope and manner in which documents are made available for inspection and may weaken its position.
The risks are even higher with claims lasting an extensive period of time, particularly those involving children, which may run for many years before and after legal proceedings are issued.
Repeated use of public AI tools during the lifespan of such claims risks incremental disclosure of strategic and privileged material that would otherwise remain protected, hindering the healthcare practitioner’s ability to defend the claim.
Although it may be difficult to determine who uploaded particular documents into a public AI tool, any resulting loss of confidentiality may have serious and irreversible consequences for the claim, such that careful consideration is required when doing so.
In this case, the Tribunal expressly held that that the use of legal AI programmes by properly trained professionals is a step forward in legal practice. Importantly, it highlighted that the use of closed source AI tools (e.g. Microsoft Copilot) does not place information in the public domain.
The risks associated with public AI tools must therefore be actively considered. If documents are being uploaded to AI, these should only be processed using private, company‑approved AI systems, even where a claim has not yet been commenced.
Stella Chereshneva - Case Handler

The service you deliver is integral to the success of your business. With the right technology, we can help you to heighten your customer experience, improve underwriting performance, and streamline processes.