Skip to main
University-wide Navigation


What is the policy for generative AI in courses?

Instructors have authority to determine policies, within the bounds of senate rules, for the appropriate use of technologies in their courses. Course policies regarding the use of generative AI are best adapted to the local context of the course. See the instructional guidelines for more considerations for course policies on generative AI.

What are the data privacy concerns for generative AI in instructional contexts?

Student education records should not be input into third-party generative AI detection tools or systems unless and until the tools/systems have been vetted for data privacy and other AI governance issues and approved by the university for use. This includes generative AI systems that include detection tools. The Family Education Rights and Privacy Act (FERPA) applies to all student education records, which are “records that are directly related to a student and that are maintained by an educational agency or institution or a party acting for or on behalf of the agency or institution.”

How can I learn more about generative AI for teaching and learning?

The Center for the Enhancement of Learning and Teaching (CELT) maintains web resources, consults with instructors and staff, and hosts a range of programming on the use of generative AI in teaching and learning. CELT can be contacted using its main webpage.


Can generative AI be used in research?

The use of generative AI in research will differ by discipline in what is considered appropriate. Check with your disciplinary authorities, organizations, funding agencies, and publications for a more context-specific understanding of how generative AI may be used in research and scholarly activity in your area. See the guidelines for more information about generative AI use in research, including for use in grant proposals, peer review, and publishing.

What privacy concerns arise when using generative AI for research?

Inputting any research data into a generative AI tool renders that data available in the AI tool and its use. Accordingly, data privacy review is needed before any Protected Data (AR 10.7) is entered into a generative AI tool (whether the tool is publicly available or not) to ensure that the tool’s data privacy and security program complies with all applicable laws and university guidelines. See the guidelines for more information about privacy concerns and considerations for using generative AI in human subject/participant research.

Who is responsible for content generated by AI?

Generative AI cannot be designated authorship as it cannot be held accountable for issues such as research misconduct/plagiarism or intellectual property misuse. Researchers are responsible for the content and accuracy of all aspects of their work. Human authors must take responsibility for the content and the accuracy, factualness, or veracity of the data and analysis presented in the research. Generative AI enables potential use in research but “it does not excuse our judgment or accountability.”

Clinical Care

When is it appropriate to use generative AI in clinical care?

Any rollout or integration of a generative AI tool within Epic and other secure UK HealthCare systems such as 3M and Hyland OnBase will be reviewed and approved by the appropriate IT governance authorities in UK HealthCare regarding risk and regulatory compliance. We recommend against using generative AI for clinical care outside of secure UK HealthCare system. See the guidelines for more details on the use of generative AI in clinical care.

What are the areas of concern when considering the use of generative AI in clinical care?

Areas of concern include privacy and security, human agency and accountability, black-box technology, accuracy and falsifications, and bias and equity. See the guidelines for more information about these concerns.

How do I handle vendor requests?

As there are many new options becoming available to enhance our day-to-day work, please reach out to UK HealthCare leadership for general questions and ideas. Any specific requests to integrate or interface with a third-party generative AI vendor (including a third-party interface in Epic) should be sent to UK HealthCare’s  Demand Management Committee where it will be reviewed for security, safety, architecture, data, and privacy.