Clinical ecomap. AI without compromising PHI.
GenogramAI is the only AI ecomap tool that strips identifying information from every AI request client-side, then re-identifies the response locally. Real names never reach the model.
Open with Clinical ModeWhat “clinical ecomap” means
A clinical ecomap is an ecomap used within a formal clinical or care-management context — social work, behavioral health, case management, community nursing, or hospital social work departments. In these settings, the diagram is part of the clinical record, which brings two additional requirements that a generic diagram tool does not address: the output must follow Hartman’s published conventions (so that every clinician on the care team reads it the same way), and the process of creating it must not expose protected health information (PHI) to third-party AI providers.
HIPAA’s Privacy and Security Rules do not prohibit using AI to assist with clinical documentation — but they do require that covered entities and their business associates implement appropriate safeguards. When a clinician describes a client’s situation in plain language to an AI, that description typically contains PHI: the client’s name, diagnoses, family structure, provider relationships. Sending that verbatim to a third-party model API without a Business Associate Agreement (BAA) and appropriate technical safeguards creates compliance exposure.
GenogramAI’s Clinical Mode addresses this directly: a client-side de-identification function replaces real names with role-based aliases before any data leaves the browser. The AI receives the ecological structure of the case without the identifying details. The re-identification mapping stays in the browser only — it never reaches the server or the model provider. All saved canvases are AES-256-GCM encrypted at rest, and Institutional plans include a BAA for organizations that require one.
What Clinical Mode does
PII stripped before send
Every name is replaced with a role-based alias (e.g., 'Client', 'Therapist 1') before the request leaves the browser. The AI never sees your client's real name.
Re-identification client-side
The AI's response comes back with aliases; a client-side function maps them back to real names. The mapping table never leaves your browser.
AES-256-GCM at rest
Every saved ecomap is encrypted with AES-256-GCM. Even our database admins cannot read the contents.
De-identification audit log
Every Clinical-Mode AI call writes a log entry showing the function called, model used, and timestamp — no payload, no PHI. Useful for compliance documentation.
BAA available
Institutional plans include a Business Associate Agreement so organizations needing formal HIPAA infrastructure have it.
Why this matters
Most AI tools send your prompt verbatim to the model provider. For clinical intake notes, that means PHI leaves your network. Clinical Mode is engineered so the AI’s usefulness is preserved (the structure of the case is intact) without the identifying information traveling.
FAQ
Is GenogramAI HIPAA-compliant?+
GenogramAI is HIPAA-conscious. In Clinical Mode, identifying information is stripped from AI requests before they leave the browser; the AI sees role-based aliases. All canvases are AES-256-GCM encrypted at rest. We can sign a Business Associate Agreement (BAA) on Institutional plans for organizations that need a formal compliance posture.
How does the de-identification work?+
Before any AI call, a client-side function maps real names to aliases ('Client', 'Therapist 1', 'Family Member 2'). The AI's response is mapped back to real names client-side — the mapping never leaves your browser. We keep an audit log of each de-identification event so you can demonstrate compliance posture during reviews.
Who is this for?+
Clinical social workers, therapists, counselors, behavioral-health programs, hospital social-work departments, and any practitioner who works under HIPAA. Not required for non-clinical work — Clinical Mode is opt-in.
Free Downloadable Guides
Print-ready PDFs you can reference anytime — no sign-up required.