
65% of US doctors are using an AI tool their hospital never approved — on personal phones, under click-through contracts. Sherri and Matt unpack what every CISO and IT leader should learn from it about shadow AI, "free" professional tools, and the contracts nobody's reading.

The tool is OpenEvidence — 27 million clinical queries in April 2026 alone, 60% of them shaping actual treatment decisions. Doctors love it because the alternative was Googling patient symptoms on a personal browser. Their hospitals mostly don't know it's happening, and the vendor's click-through Business Associate Agreement (BAA) authorizes the vendor to use that data to train its models forever.

Healthcare is the example. The same pattern is showing up in legal, financial services, engineering, and HR right now — different tool, same structural risk. Tune in for five concrete takeaways security and IT leaders can use this week.

Key Takeaways:

- Inventory shadow AI. Ask your staff what AI tools they use to do their jobs, not whether they're using unauthorized tools. The real number is likely 2–5x what you'll find.
- Read the actual contract before letting any AI tool touch sensitive data. Find the training-data clause, the termination clause, the audit rights, and who the "Customer" really is. Click-through BAAs don't protect the employer.
- Treat every AI prompt as a disclosure. Removing names doesn't make data safe. Combinations of attributes, dates, locations, roles, rare events, can re-identify people even without a name attached.
- Take a position on shadow AI and communicate it. Decide which tools your organization sanctions, which it blocks, and which fall in between. Silence is implicit endorsement.
- Push back on every "free" professional AI tool. Ask who's paying and what they're buying. If it's not you, the product is your professionals' decisions.

Resources:

- https://www.nbcnews.com/tech/tech-news/openevidence-ai-doctor-medical-physician-login-app-what-npi-uptodate-rcna341064
- https://www.healthcare.digital/single-post/clinical-intelligence-a-strategic-analysis-of-openevidence-and-the-multi-agent-medical-ai-ecosystem
- https://www.ama-assn.org/system/files/physician-ai-sentiment-report.pdf