EKB Labs
← Writing15 July 20263 min read

Is ChatGPT HIPAA compliant for patient data?

Consumer ChatGPT cannot lawfully hold patient data. Here is what HIPAA requires of an AI vendor and the architecture that keeps PHI safe.

  • hipaa
  • healthcare-ai
  • compliance

No. The consumer versions of ChatGPT, Free, Plus, Pro and Team, cannot lawfully hold patient data. The moment an AI tool touches protected health information it becomes a HIPAA business associate, which means a signed business associate agreement is required first. A clinic that pastes patient notes into consumer ChatGPT is breaching HIPAA.

What counts as PHI once AI is involved

PHI is any health information that can be traced back to an individual, and that definition does not soften because a model is involved. Names, dates, record numbers and diagnoses are the obvious cases. The part clinics miss is that vector embeddings of patient records can also count as PHI, because those numbers still map back to a real person. HIPAA Journal's guidance on healthcare data and artificial intelligence is clear that AI processing of identifiable health data sits squarely inside HIPAA's scope.

Once a model is in the loop, PHI shows up in more places than most clinics track.

  • Free-text notes pasted into a prompt
  • Uploaded files, scans and images tied to a patient
  • Vector embeddings and search indexes built from patient records
  • Model outputs that repeat identifiable detail
  • Logs and prompt histories the vendor retains on its side

Why an AI vendor touching PHI becomes a business associate

Any vendor whose product handles PHI on your behalf is a business associate under HIPAA, and a business associate agreement has to be signed before data flows. The agreement is what binds the vendor to the same safeguards you carry, and it is what gives you a legal footing if data is exposed.

Consumer ChatGPT, Team included, does not come with a business associate agreement. There is no lawful route to feed it PHI, whatever the interface lets you type. OpenAI will sign a BAA for specific API and enterprise arrangements, but the consumer chat products your staff open in a browser are not those arrangements. If the tool is not covered, the data does not go in.

What HHS signalled in 2025 about AI in your risk analysis

HHS now expects AI systems that handle electronic PHI to sit inside your formal risk analysis, not beside it. The proposed update to the HIPAA Security Rule pushes covered entities to map every system that stores or processes electronic PHI, and an AI tool is not exempt.

If a model, its vector store or its logs can hold identifiable data, it belongs in that inventory, with the same access controls, encryption and audit expectations as any other clinical system. Treating an AI tool as a harmless side channel is exactly the gap a regulator will find.

What a compliant architecture looks like

A compliant setup keeps patient data inside a boundary you control, runs inference only against an endpoint covered by a signed BAA, and records every call. I built exactly this for a US healthcare practitioner. The system runs parallel inference, so it works through many records at once, but every request stays inside a controlled boundary. Three properties make it defensible.

  • Controlled inference under a signed BAA. Requests go to an enterprise endpoint covered by a business associate agreement, never a consumer app.
  • No training on client data. The provider is contractually barred from training on anything we send.
  • A full audit trail. Every request, response and access event is logged, so we can show who touched what and when.

Consumer ChatGPT fails all three, and that is the whole point of the diagram below.

A decision diamond asking whether a tool processes PHI. A yes branch leads to a required BAA and controlled inference. A no branch leads to safe to use. A blocked path down the centre bars consumer ChatGPT from patient data.
Fig. 1 — One decision. PHI routes through a BAA, or it does not flow.

Three questions to ask any AI vendor before patient data flows

Before any patient data reaches a tool, three questions settle whether it is lawful.

  • Will you sign a business associate agreement. If the answer is no, the tool cannot touch PHI, full stop.
  • Do you train on our data. It has to be a contractual no, in writing, not a setting someone can flip.
  • Can we get a full audit log. If you cannot prove who accessed what and when, you cannot prove compliance.

If a vendor cannot answer all three cleanly, patient data does not go near it. Everything else about the tool is secondary to those answers.

Where clinics get value without touching regulated data

Most of the value clinics want from AI does not require PHI at all. A large share of daily admin runs on information that was never a patient record, and that work is safe to automate today.

  • Drafting and updating internal policies
  • Turning public clinical guidance into plain-language patient leaflets
  • De-identified data analysis, where identifiers are stripped before anything is sent
  • Rota, intake and admin templates that never contain a real patient

Start there. Keep the regulated data behind the BAA boundary, and you get most of the upside with none of the exposure.

We have delivered 150+ automation projects across 15 countries, including the PHI-safe build described above. If you want to know which of your AI workflows touch regulated data and which are safe to switch on today, that is what the Diagnostic is for. If you already know you need controlled inference built properly, the Claude Code consulting page and the Solar System Architecture show how we do it.