Is ChatGPT HIPAA-Compliant?

Written By Annalee Sharma

Short answer: No.

Long answer: It depends on how you use it—and what you’re sharing.

ChatGPT (even the paid version) does not sign a Business Associate Agreement (BAA), which means it can’t legally process Protected Health Information (PHI) under HIPAA.

That doesn’t mean you can’t use it at all.

It just means you need to set clear boundaries.

✅ Safe Uses:

  • Writing blog posts or emails without PHI

  • Brainstorming patient education materials

  • Generating intake form templates (without real patient data)

🚫 Risky Uses:

  • Typing in real patient symptoms, names, dates

  • Asking it to write treatment summaries with any identifiers

  • Letting admin staff use it without a usage policy

💡 Want a safer option? Look for AI tools built for healthcare with a BAA or set up your own secure, isolated instance.

Annalee Sharma
Previous

Document AI Usage in Your HIPAA Policies
Next

3 Mistakes Solo Providers Make When Trying AI Tools