Source: WEO AI Policies (authoritative document), real-world policy evolution, AI Policy Research Report
Time: Read 10 min | No external watch (this is WEO-specific, not Anthropic-covered)
Short and mandatory. Read the full policy at WEO AI Governance before you use Claude on live client work. This module gives you the top-5 do’s and don’ts as a quick reference — but the authoritative source is the full policy document. When in doubt, check it or ask the AI council.
Why This Module Exists
WEO is a dental marketing agency. That means three things are always in play:
- HIPAA. Our clients’ patients have protected health information (PHI). We don’t handle PHI directly in most cases, but adjacent information (names + practice + condition, for example) can be sensitive.
- Client trust. Clients trust us with their brand, their unreleased campaigns, their strategy. AI tools have terms of service that vary on how input data is stored and used.
- Regulatory framework. Dental marketing has FDA digital health guidelines, ADA accessibility requirements, state-level rules (California AB 3030 and similar), and CCPA/GDPR exposure. Plus ISO/IEC 42001:2023 as the standard WEO aligns with.
The rules below keep you — and the agency — on the right side of all three.
The Top 5 Don’ts
1. Don’t paste PHI or patient-identifying info into Claude
No names + conditions, no appointment records, no patient photos, no insurance info. Dental clients’ EHR data never enters Claude, ever.
Safe example: “Write a blog about how orthodontic treatment helps adult patients.” Unsafe example: “Write a case study about Jane Doe (patient ID 12345) who had Invisalign treatment at [practice name].“
2. Don’t generate medical advice or unsupported treatment claims
Claude can write marketing copy that describes services. It cannot say “this treatment will cure X” or “this procedure is safer than Y.” Any clinical claim needs a human clinician (or verified clinical source) behind it.
Safe example: “Explain how dental implants work in plain language.” Unsafe: “Write content stating dental implants are 100% permanent and never fail.”
3. Don’t generate fake reviews, testimonials, or before/after imagery
No AI-generated patient testimonials. No AI-modified before/after photos. No fake quotes. This is a severe violation under WEO policy and could trigger immediate action.
4. Don’t use unapproved AI tools or enable connectors without approval
WEO has an approved-tools list (Marketing team: ChatGPT / Claude / Jasper.ai / Copy.ai / Canva AI). Don’t copy-paste client data into random new tools you find. Don’t enable new connectors in your Claude workspace on your own — that’s the 5-person connector-review team’s job.
5. Don’t mix client data across accounts
Client A’s brief doesn’t go into Client B’s Project. Each client gets their own Project with their own knowledge. Cross-contamination risks everything from confusion to contract breach.
The Top 4 Do’s
1. Apply 100% human review to everything AI-produced
Claude drafts; humans ship. Every AI-generated deliverable goes through the 3-stage content review:
- Stage 1 (you): Grammar, facts, brand voice, optimization
- Stage 2 (manager): Strategy, differentiation, compliance
- Stage 3 (director): Client fit, risk, release authorization
No AI output ships un-reviewed. Ever.
2. Classify before you paste
WEO uses a 4-level data classification. Before you paste anything into Claude, ask: “What level is this?”
| Level | Type | Claude.ai OK? |
|---|---|---|
| 1 — Public | Published content, marketing collateral | ✅ Yes |
| 2 — Internal | Internal comms, employee stuff | ✅ Generally yes (check with manager for sensitive items) |
| 3 — Confidential | Client strategies, financial data | ⚠️ Only in approved client Projects with enterprise safeguards — ask |
| 4 — Restricted | PHI, payment info | ❌ Never |
If you’re unsure which level something is, assume higher and ask.
3. Follow the tool/account guidance
WEO’s 3-tier account policy (from real-world policy evolution):
- Team/Company accounts — management-approved, tracked in Ranger. Use these for client work.
- Individual reimbursed accounts (<$10/month) — via tech reimbursement. Fine for learning/experimentation.
- Personal accounts — NOT approved for significant WEO work unless registered in Ranger.
Don’t do client work on a personal Claude account. If you’re unsure which kind of account you’re on, ask IT.
4. When in doubt, ask the AI council
The council exists to answer “is it OK to…?” questions. Using it is a sign of strong judgment, not weakness. Module 8 has the details on how to reach them.
Three-Tier Usage Model (Know Which You’re In)
WEO applies a 3-tier model to any AI usage:
- Tier 1 — Experimental (sandboxed). Learning, testing, personal productivity. Synthetic data only. Low approval bar.
- Tier 2 — R&D (internal tools). Internal agency work, non-client-facing. Higher approval bar.
- Tier 3 — Production (client-facing). Work that reaches a client or their audience. Requires full review process, approved tools, approved accounts, approved data handling.
Most of this course is Tier 1 territory. The moment you switch to real client work, you’re in Tier 3 — all the rules apply.
The 3-Tier Review Framework (Match Stakes to Scrutiny)
- Low risk — self-review. Drafting internal notes, summarizing public articles, brainstorming.
- Routine — SME review. Most client-facing marketing work. Go through the 3-stage content review above.
- Launch-critical — senior management review. Anything going to a new channel, an unusual claim, a client with elevated sensitivity. Flag early, review hard.
If you’re not sure which bucket something is in, ask your manager.
Key Takeaways
- Read the full policy at WEO AI Policies before using Claude on real client work. This module is a quick-reference, not a replacement.
- No PHI. No clinical claims. No fake reviews. No unapproved tools. No cross-client data mixing.
- Always: review, classify, use approved accounts, ask when unsure.
- The 3-tier account, usage, and review models match the level of scrutiny to the stakes. Match them in practice.
- The AI council is your friend, not a gate. Use it.
Related
- Next: Module 8 — Keep Learning
- WEO AI Policies — the full document ← read this
- WEO AI Council Charter
- How these policies play out in practice
- AI Policy Research Report (speed accelerators, 3-tier connector model)
- Current status of policy rollout
Try It (5 minutes, no Claude required)
- Open WEO AI Governance and read it end-to-end. It’s long but not that long. Better to read it once than guess later.
- Write down three scenarios from your own recent work where the rules above would apply. Examples:
- “Last week I pasted a client’s SEO audit into Claude to summarize it — was that Level 2 or 3?”
- “A client asked for a patient success story page — how do I handle that without fake testimonials?”
- “I want to try a new AI tool I saw on LinkedIn — what’s the approval process?”
- If you have unresolved questions after reading the policy, bring them to the AI council. That’s what they’re for.
Done? Move on to Module 8.