One of the most honest figures of the year comes from healthcare: per the Doctolib Digital Health Report 2026, 50% of the doctors surveyed use private, non-certified AI tools like ChatGPT — mostly for research. Doctolib calls the phenomenon "shadow AI".
That isn't an accusation against the profession but a symptom: the need is huge, and a compliant alternative is missing. And this is exactly where it gets delicate — because patient data is among the most strictly protected data there is. Let's read the numbers correctly, and look at what actually helps.
## What the Doctolib numbers show — read correctly
Half of the doctors surveyed use private AI tools like ChatGPT — but predominantly for research (50%), less often for documentation (28%). Among medical assistants it is 30% and 17%. Important context: this does not mean half of them enter patient data into ChatGPT — but the tool has arrived in everyday practice.
| Metric (Doctolib/YouGov 2026) | Value | Context |
|---|---|---|
| Doctors using private AI for research | 50% | core finding; for documentation: 28% |
| Medical assistants using private AI for research | 30% | for documentation: 17% |
| Respondents with data-protection/security concerns | 54% | the same respondents |
| Respondents who doubt AI accuracy for diagnoses | 60% | scepticism despite use |
| Respondents who see digitalization as helpful | 79% | the need is clearly there |
Honesty requires this: it is a YouGov survey commissioned by Doctolib among 414 doctors and medical assistants (alongside 1,000 patients surveyed) — a directional sentiment reading, not a representative or peer-reviewed study. But the direction is confirmed by independent research too: per Bitkom (with the Hartmannbund, 2025), AI is now in use in 15% of practices and among 18% of hospital doctors — there it means institutional, also certified, use, not private shadow AI. Both findings show the same thing: AI has arrived in care; the only question is how controlled.
## Why patient data must not go into cloud AI
Health data is a special category of personal data under Article 9 GDPR — its processing is generally prohibited, with narrowly limited exceptions such as explicit consent. Even a single input of identifiable patient data into a consumer cloud LLM is legally a "disclosure" and is inadmissible without a valid exception.
On top of that comes the criminal confidentiality duty. § 203 StGB makes the unauthorized disclosure of an entrusted patient secret a criminal offence — for doctors, up to one year's imprisonment or a fine. What matters for the AI question is subsection 3: professionals bound to secrecy may pass secrets to "other participating persons" — such as IT or AI service providers — insofar as necessary for their work. But subsection 4 requires those persons to be obligated to confidentiality, otherwise the doctor is liable.
This is not a blanket cloud ban but a precise yardstick: a contractually bound, secrecy-obligated provider can be an admissible participating party. A free ChatGPT is not — no contract, no obligation, no control over processing on US servers, and on consumer tiers training on inputs by default (business and enterprise tiers, per the provider, do not train on workspace data). It is exactly this asymmetry that decides the question.
| Patient data in … | consumer cloud AI (e.g. free ChatGPT) | local, sovereign AI |
|---|---|---|
| Data residency | US/global servers | in-house, your own hardware |
| Inputs as training data | possible by default on consumer tiers | excluded, no external APIs |
| Art. 9 GDPR (health data) | "disclosure", usually without a valid exception | in-house processing, no third-country transfer |
| § 203 StGB (participating party) | no contract, no obligation | contractually obligatable to confidentiality |
| Control & deletion | at the provider | under your own control |
| Traceability | none | complete audit trail |
## Not a discipline problem, but a tool vacuum
Doctors don't reach for ChatGPT out of carelessness but because the pressure is real and the compliant alternative is rare. Per the Marburger Bund's MB-Monitor, employed doctors spend on average around three hours a day on administration and documentation, and a third spend at least four. When a tool noticeably reduces that load, it gets used, with or without approval.
The real conflict shows in the numbers themselves: 54% of respondents have data-protection concerns and 60% doubt the AI's accuracy — and use it anyway. That is not a sign of recklessness but of missing infrastructure. A ban changes little; it merely pushes usage out of sight. We've described the same pattern across sectors: that shadow AI also gets expensive, and that the problem in regulated sectors like construction has the same root — sensitive data that must not leave the building.
## How a local, permission-aware AI opens the compliant in-house path
The effective lever is not the ban but a good, sanctioned alternative that works where the data has to stay anyway. A local, permission-aware AI processes patient data on your own hardware — with no external APIs. The data does not leave the building, and the most dangerous path — uncontrolled outflow into third-party clouds — falls away structurally.
This is exactly where Lokalaise comes in: a grounded AI platform on your own hardware that connects clinical documents — findings, doctors' letters, guidelines, hospital-information-system content — permission-aware, without them ever leaving the building. That addresses both legal questions at once: processing stays in-house (Art. 9 GDPR), and a bound local provider is contractually obligatable as a participating party (§ 203 StGB). An audit trail makes every use traceable — the precondition for actually being able to evidence data protection (see Security & data sovereignty).
The regulatory pressure is growing rather than easing: the European Health Data Space (EHDS, Regulation (EU) 2025/327, in force since March 2025) applies generally from 2027, with primary use phased in from 2029 and 2031; in parallel, the German data-protection authorities' guidance on hospital information systems is being redrafted — driven by EHDS and AI, with no date set yet. Whoever keeps patient data in-house today is prepared for both. To be clear: Lokalaise is an enabler, not legal or medical advice — which processing is admissible in your institution is something to clarify with your data-protection and legal teams.
## Your next steps
Three questions show how large your shadow-AI risk is in your clinic or practice:
- Visibility: Do you know which AI tools your doctors and assistants use today — and with which data?
- Legal basis: Is there a sanctioned AI that works as an obligated participating party (§ 203 StGB) and without third-country transfer (Art. 9 GDPR)?
- Control: Is AI access permission-limited and reviewable after the fact?
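The two controls the page describes for a local assistant, a permission gate that filters documents by the caller's role before anything reaches the model, and an audit trail that can be reviewed after the fact, are shown below in an added illustration. This is example code written for this article, not Lokalaise's platform code: the users, roles and clinical documents are constructed sample data, and `local_llm()` is a hypothetical stand-in for an on-premises model. The audit trail is hash-chained, so a later edit or deletion of an entry is detectable.

```python
"""Added illustration, not Lokalaise's code: a permission-aware document gate in
front of a local model, plus a hash-chained audit trail so every use can be
reviewed after the fact. Users, roles and documents are constructed sample data;
local_llm() is a hypothetical stand-in for an on-premises model."""
import hashlib
import json
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Document:
    doc_id: str
    title: str
    text: str
    allowed_roles: frozenset  # roles that may read this document


@dataclass(frozen=True)
class User:
    user_id: str
    roles: frozenset


# Constructed sample corpus: a finding, a discharge letter and a guideline.
CORPUS = [
    Document("F-001", "Lab findings patient P-17", "Haemoglobin 9.1 g/dL, CRP elevated.",
             frozenset({"physician", "ward-nurse"})),
    Document("L-002", "Discharge letter patient P-17", "Diagnosis: iron-deficiency anaemia.",
             frozenset({"physician"})),
    Document("G-010", "Sepsis guideline 2024", "Start antibiotics within one hour.",
             frozenset({"physician", "ward-nurse", "assistant"})),
]

GENESIS = "0" * 64


class AuditTrail:
    """Append-only log; each entry commits to the hash of the one before it,
    so a later edit or deletion breaks the chain and verify() returns False."""

    def __init__(self):
        self.entries = []

    def _digest(self, body: dict) -> str:
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, event: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {**event, "prev": prev}
        entry = {**body, "hash": self._digest(body)}
        self.entries.append(entry)
        return entry["hash"]

    def verify(self) -> bool:
        prev = GENESIS
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body["prev"] != prev or self._digest(body) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


def retrieve(user: User, query: str, audit: AuditTrail, corpus=CORPUS) -> list:
    """Keyword retrieval that filters on the caller's roles *before* any text
    reaches the model; both hits and refused documents are logged."""
    terms = query.lower().split()
    hits, denied = [], []
    for doc in corpus:
        haystack = f"{doc.title} {doc.text}".lower()
        if not any(term in haystack for term in terms):
            continue
        if user.roles & doc.allowed_roles:
            hits.append(doc)
        else:
            denied.append(doc.doc_id)
    audit.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user.user_id,
        "query": query,
        "retrieved": [d.doc_id for d in hits],
        "denied": denied,
    })
    return hits


def local_llm(prompt: str) -> str:
    # Hypothetical on-premises model; a real deployment would call the local
    # inference server here. Nothing leaves the host.
    return f"Answer grounded in {prompt.count('[')} document(s)."


def answer(user: User, query: str, audit: AuditTrail) -> str:
    """Only documents that passed the permission gate become model context."""
    docs = retrieve(user, query, audit)
    context = "\n".join(f"[{d.doc_id}] {d.title}: {d.text}" for d in docs)
    return local_llm(f"Context:\n{context}\n\nQuestion: {query}")


if __name__ == "__main__":
    trail = AuditTrail()
    physician = User("dr.meier", frozenset({"physician"}))
    assistant = User("mfa.schulz", frozenset({"assistant"}))
    print(answer(physician, "patient P-17", trail))
    print(answer(assistant, "patient P-17", trail))
    print("audit chain intact:", trail.verify())
```

Two design points worth noting. The role check sits inside retrieval, not in the prompt: a document the caller may not read is never handed to the model, so there is nothing for the model to leak. And the audit trail itself records queries that may contain patient identifiers, so it is as sensitive as the documents and needs the same access restrictions and retention rules; the hash chain only makes tampering detectable, it does not make the log confidential.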
Wherever you hesitate, it's worth a closer look. In a short demo we'll show how a local, permission-aware AI keeps patient data in-house — and makes achievable the productivity gain that makes shadow AI attractive in the first place.
## Conclusion
Shadow AI in healthcare is not a question of discipline but of missing infrastructure: doctors reach for ChatGPT because the documentation pressure is high and a compliant alternative is rare. But patient data is specially protected under Art. 9 GDPR, and feeding it into a consumer cloud AI can be a criminal disclosure under § 203 of the German Criminal Code. The way out is not abstaining from AI but a local, sovereign AI that keeps patient data in-house, can be contractually bound as a participating party, and makes every use traceable in an audit trail.
Written by Marius Gill, CTO @ Lokalaise