ChatGPT Health HIPAA Questions and Answers
- MLJ CONSULTANCY LLC

- 6 days ago
Updated: 3 days ago
What if clinicians upload medical records into ChatGPT Health?
If clinicians upload patient medical records into ChatGPT Health, it is a HIPAA breach for the HIPAA covered entity that they work for. If patients upload their own medical records into ChatGPT Health themselves, it is NOT a HIPAA breach, because ChatGPT Health is not currently offered by a HIPAA-regulated entity.
So clinicians, or better yet HIPAA-regulated entities, MUST use or disclose protected health information ONLY through HIPAA-compliant AI systems that are offered by the HIPAA covered entity that they work for, or by that covered entity’s business associate.

Is ChatGPT Health HIPAA-compliant?
HIPAA compliance applies specifically to HIPAA-regulated entities: covered entities (healthcare providers who conduct certain financial and administrative transactions electronically with Protected Health Information (PHI), health plans, and healthcare clearinghouses), business associates (entities that use or disclose PHI on behalf of covered entities), and subcontractors (entities that carry out duties on behalf of their business associates that involve the use or disclosure of PHI). In this context, ChatGPT Health is not subject to HIPAA compliance, as it is currently not offered or created by a HIPAA-regulated entity.
HIPAA compliance is not the same thing as data security alone. A secure platform or application is not necessarily HIPAA-compliant. However, a HIPAA-compliant platform or application is secure.
“ChatGPT for Healthcare” supports HIPAA compliance, which is different from “ChatGPT Health”.




